The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes multiple command-line utilities for deck analysis, including mana-audit, legality-audit, and price-check. These are executed locally via the uv run environment to manage the deck-building workflow.
[EXTERNAL_DOWNLOADS]: The skill fetches bulk card data from Scryfall, a well-known and trusted service in the MTG community, to provide accurate oracle text and pricing information. This data is used to validate card information within the local environment.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its use of web research tools to ingest metagame data and sample decklists.
Ingestion points: The agent uses WebSearch, WebFetch, and a specialized web-fetch script (designed to handle bot-blocked sites) to retrieve external content into its context from SKILL.md.
Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to treat fetched web content as untrusted data.
Capability inventory: The skill has the ability to write to the filesystem via the Write tool and build-deck script to save generated decklists.
Sanitization: The skill implements the 'Iron Rule,' which explicitly mandates that the agent must verify all card data using official oracle text via scryfall-lookup. This validation step significantly mitigates the risk of acting on malicious or incorrect instructions embedded in fetched web data.

deck-builder