The Agent Skills Directory

[COMMAND_EXECUTION]: The script references/skills-update-local.ts performs dynamic command execution. It reads skill sources and names from skills-lock.json and uses them to construct arguments for Bun.spawn, which executes the bunx skills@latest add command. This pattern allows for the execution of installation routines based on the content of a local JSON file.
[PROMPT_INJECTION]: The skill workflow is vulnerable to indirect prompt injection through its handling of external package metadata. In SKILL.md, the agent is instructed to fetch release notes from GitHub (gh release view) and use that information to apply "context-aware fixes" and identify breaking changes. Malicious instructions placed in a public GitHub release could potentially manipulate the agent into performing unauthorized code changes.
Ingestion points: SKILL.md directs the agent to fetch external content using gh release view during Step 2 of the update strategy.
Boundary markers: No boundary markers or instructions to ignore embedded prompts are provided for the analysis of release notes.
Capability inventory: The agent has the capability to modify source code, install npm packages, and commit changes to the repository.
Sanitization: No sanitization or validation is performed on the external release note content before it is processed and used to guide code modifications.

update-packages