opencontext

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent or user to install the @aicontextlab/cli package globally via NPM or execute it using npx. This package is an external dependency originating from a source that is not included in the verified trusted vendors list.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform repository initialization, document management, and configuration tasks. This includes the oc config set command for handling embedding API keys, which may lead to credential exposure in command history or environment logs if not managed securely.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
    • Ingestion points: The agent reads project context and searchable decisions from repository files (such as decision-log.md and pitfalls.md) using oc doc ls, oc search, and the Read tool.
    • Boundary markers: The skill's instructions lack explicit boundary markers or delimiters to differentiate between the agent's instructions and the untrusted data being ingested from the repository.
    • Capability inventory: The agent is granted the Bash, Write, Read, Grep, and Glob tools, providing a significant attack surface if malicious instructions are embedded in the repository documents.
    • Sanitization: There is no evidence of sanitization, validation, or escaping of the content retrieved from the repository before it is incorporated into the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 04:31 AM