The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install additional resources from an external GitHub repository (coreyhaines31/marketingskills) using 'npx skills' and 'git clone'. These sources are not part of the trusted vendor list and represent an external dependency risk.
[COMMAND_EXECUTION]: The installation methods involve executing shell commands such as 'npx', 'git', and 'cp', which can be used to pull and execute code from remote sources.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the user's project files (e.g., 'src/pages/index.tsx') and a generated context file ('context.md') to perform audits and generate code.
Ingestion points: Reads project source code from paths like 'src/pages/index.tsx' and the shared '.agents/skills/product-marketing-context/context.md' file.
Boundary markers: No specific boundary markers or 'ignore' instructions are used to separate user-provided data from the skill's operational logic.
Capability inventory: The skill possesses the capability to read project files, write new markdown documentation, and generate executable code snippets (React, JavaScript).
Sanitization: No sanitization, filtering, or validation of the external content is performed before it is processed by the agent.

marketingskills-ai-agents