NYC

building-glamorous-tuis

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill instructs the installation of several external binaries and libraries via brew install and go get. The sources (github.com/charmbracelet) are well-known in the developer community but are not on the explicit trusted organization list.
  • PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection surface. The skill captures external data via TUI primitives and interpolates them into system commands.
      • Ingestion points: gum input, gum choose, and gum filter in SKILL.md.
      • Boundary markers: Absent in code snippets.
      • Capability inventory: Shell execution through git commit and curl commands.
      • Sanitization: Snippets do not demonstrate escaping or validation of user-inputted variables (e.g., $MSG) before shell interpolation.
  • CREDENTIALS_UNSAFE (SAFE): A dummy key sk-1234567890 is provided as an illustrative example for the skate tool. This is a common documentation placeholder and not a functional secret. The pop email tool correctly recommends using environment variables for SMTP credentials.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:18 PM