The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes instructions to run standard development commands such as npx typedoc for documentation generation and python -m http.server for local preview. These are typical for the stated purpose of managing project documentation and do not involve suspicious or unauthorized command patterns.\n- [EXTERNAL_DOWNLOADS]: The documentation suggests installing well-known development tools and plugins (e.g., typedoc, @compodoc/compodoc) from official package registries. It also references official GitHub Actions for CI/CD workflows from trusted sources (GitHub), which is standard practice for modern development automation.\n- [DATA_EXPOSURE]: The skill provides best practices for managing sensitive information, explicitly warning never to include secrets or credentials in documentation. Examples correctly demonstrate using environment variables for sensitive configuration like JWT secrets, aligning with security best practices.\n- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and processes external TypeScript source code files. However, this is inherent to its primary function of generating documentation. No specific patterns attempting to exploit this surface or bypass agent safety protocols were found.

typescript-docs