The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill frequently downloads project templates and boilerplate code from external GitHub repositories. The default repositories reside within the vendor's own namespace (constructive-io/pgpm-boilerplates and constructive-io/sandbox-templates).
[COMMAND_EXECUTION]: The instructions guide the agent and user to execute several shell commands, including pgpm init, pnpm install, pnpm dev, pnpm codegen, and npx shadcn@latest. These are used for project initialization, package management, and running local development environments.
[REMOTE_CODE_EXECUTION]: The core workflow involves downloading remote code (templates) and subsequently executing it via pnpm install (which runs lifecycle scripts) and pnpm dev. While the default sources are vendor-controlled, the tool supports arbitrary third-party repositories via the --repo flag.
[DATA_EXFILTRATION]: The template authoring system includes 'resolvers' that automatically access local configuration data to populate project files. Specifically, it retrieves git.user.name, git.user.email, and npm.whoami from the local environment to set author and organization fields in the generated project metadata.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from remote repositories (specifically .boilerplate.json configuration files and template content) without explicit boundary markers or sanitization, which could influence agent behavior if a malicious repository is used.
Ingestion points: Remote boilerplate repositories specified via the --repo flag (referenced in references/pgpm-init.md and references/authoring-templates.md).
Boundary markers: None present in the instructions for handling template content.
Capability inventory: Subprocess execution via pgpm, pnpm, and npx commands.
Sanitization: No validation or sanitization of remote template content or configuration fields is described.

constructive-starter-kits