fusion-discover-skills
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external markdown files (SKILL.md) and repository metadata to provide discovery results. An attacker could potentially embed malicious instructions in a repository's skill documentation that the agent might follow when summarizing or recommending the skill.
  - Ingestion points: The skill reads external data from `mcp_fusion_skills`, GitHub search results, and repository files via `gh` CLI and GraphQL.
  - Boundary markers: The instructions do not specify strict delimiters for the external content, though they do advise the agent to use uncertainty language and not to invent results.
  - Capability inventory: The agent has the ability to execute shell commands (`gh`, `npx`) and call MCP tools based on the discovery results.
  - Sanitization: No explicit sanitization or filtering of the retrieved file content is mentioned beyond instructions to remain concise.
- [COMMAND_EXECUTION]: The skill uses shell commands for discovery, including `gh search code`, `gh api graphql`, and `npx skills add --list`. These commands are used for read-only inspection of repositories and are consistent with the skill's stated purpose of discovery.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to list available skills, which may involve downloading or interacting with the NPM registry, a well-known service. The usage is targeted at the author's own repository (equinor/fusion-skills).
Audit Metadata