NYC

bootstrap-auto

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The 'Onboarding' section explicitly instructs the agent to ask the user for API keys and add them to environment variables. This practice encourages the exposure of secrets within the LLM's context and history.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates an attack surface by combining untrusted data ingestion with high-privilege execution capabilities.
      ◦ Ingestion points: User requirements ($ARGUMENTS), web research reports from 'researcher' subagents, and asset analysis (images/videos).
      ◦ Boundary markers: Absent. No instructions are provided to the subagents to ignore or sanitize embedded instructions in research data.
      ◦ Capability inventory: File system writes (code/docs), git operations (commit/push), and execution of compilers and test runners via subprocesses.
      ◦ Sanitization: Absent. External data is processed and used to generate implementation plans and code without filtering or escaping.
  • [COMMAND_EXECUTION] (HIGH): The skill invokes compilers and test runners ('Run type checking and compile', 'Use tester subagent to run the tests') on code it has dynamically generated. If the code generation is influenced by malicious research data (Category 8), this results in remote code execution.
  • [DYNAMIC_EXECUTION] (MEDIUM): The workflow relies on 'Implementation' followed by 'Testing', where the agent generates executable code and immediately runs it. While standard for bootstrapping, it lacks safety boundaries for the generated code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:23 AM