building-with-effect
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing various packages from the official @effect NPM organization and references code examples from the Effect-TS GitHub repository. These sources are considered well-known and trusted in the context of TypeScript development.
- [COMMAND_EXECUTION]: Provides documentation for the ChildProcessSpawner service to execute system commands like git, node, and pnpm. While these are intended for development workflows, they represent a capability that requires careful handling of inputs.
- [PROMPT_INJECTION]: The skill documents the creation of services that ingest untrusted data from HTTP APIs and AI model responses while maintaining capabilities like shell execution and network access. This creates a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters via HTTP handlers (references/http-api.md) and AI-generated content (references/ai-modules.md).
  - Boundary markers: Code examples lack explicit delimiters or specific instructions for the agent to ignore embedded commands within processed data.
  - Capability inventory: Significant capabilities are documented across scripts, including shell execution (ChildProcessSpawner) and outbound network requests (HttpClient).
  - Sanitization: The reference implementations do not explicitly demonstrate sanitizing external inputs before they are used in sensitive operations.
Audit Metadata