hook-authoring

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill provides patterns for implementing hooks that process external, untrusted data, creating an attack surface for indirect prompt injection.
      • Ingestion points: The on_post_tool_use callback processes potentially attacker-controlled tool_output, and on_user_prompt_submit processes the user's message (documented in SKILL.md and modules/sdk-callbacks.md).
      • Boundary markers: Documentation examples demonstrate simple string interpolation for context injection (e.g., f"{context}\n\n{message}") without mandatory use of delimiters or 'ignore' instructions for the agent.
      • Capability inventory: Hooks can execute shell commands via the Bash tool, modify files via the Edit tool, and perform network requests using aiohttp or requests as shown in the performance guidelines.
      • Sanitization: The skill correctly provides defensive patterns, such as the SecureLoggingHooks regex implementation used to redact credentials from tool outputs before logging.
  • [COMMAND_EXECUTION]: The skill documents and provides patterns for executing arbitrary shell commands through the agent's runtime environment.
      • SKILL.md describes the use of declarative JSON hooks with "type": "command" to run shell scripts like validate-command.sh or format-on-save.sh.
      • The scripts/README.md documentation recommends integrating validation scripts into Git pre-commit hooks and CI/CD pipelines.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 03:40 AM