intlayer-usage

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The documentation for the file() function in references/concept_content_file.md explicitly supports and provides examples for reading files using absolute paths, such as /users/username/path/to/file.txt. This capability allows the retrieval of sensitive system files, configuration data, or private credentials if the file path is manipulated by a malicious actor.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run the npx intlayer build command in SKILL.md. This command processes content declaration files which, as shown in references/concept_content.md, are JavaScript or TypeScript modules that are executed during the build process. These modules have access to process.env and can perform arbitrary logic, allowing for command execution within the build environment.
  • [EXTERNAL_DOWNLOADS]: The framework's content declaration files support dynamic data fetching via the fetch() function, as demonstrated in the examples in references/concept_content.md. This allows the framework to retrieve and incorporate data from external URLs during the dictionary generation process.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from multiple sources.
      • Ingestion points: The framework reads local files via file() and fetches remote data via fetch().
      • Boundary markers: No markers or explicit safety instructions are provided to distinguish between content and potential instructions within the ingested data.
      • Capability inventory: The framework supports command execution via the build process, arbitrary file reading, and network requests.
      • Sanitization: The documentation does not describe any sanitization, validation, or path-restricted access for the files and URLs it processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 26, 2026, 09:48 AM