The Agent Skills Directory

[DATA_EXFILTRATION]: The skill fetches public configuration and metadata from external sources including GitHub (raw.githubusercontent.com), NuGet (api.nuget.org), and Docker Hub (hub.docker.com). These are well-known services and the data retrieved (release indexes, package versions, image tags) is used for project configuration. No sensitive data is transmitted.
[COMMAND_EXECUTION]: The provided Dockerfile template (assets/library/.docfx/Dockerfile.docfx) contains a command to remove files (rm -rf /usr/share/nginx/html/*). This is a standard and safe operation within a container build process to clear default web server content before deploying the generated documentation.
[PROMPT_INJECTION]: The skill ingests data from external APIs (NuGet and GitHub). This represents an indirect prompt injection surface where a compromise of those metadata sources could theoretically influence the agent's output. However, the skill only extracts specific version strings, and the risk is assessed as low due to the use of trusted sources and the lack of complex capability chains.
[SAFE]: All external resource references trace back to the vendor's own infrastructure (codebeltnet) or established, well-known technology providers. The operations performed are consistent with the skill's stated purpose of scaffolding a development environment.

dotnet-new-lib-slnx