docs-guide-knowledge

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill identifies project context by scanning the working directory for dependency manifest files, including package.json, requirements.txt, pyproject.toml, go.mod, Cargo.toml, and pom.xml. This enables automated version detection for libraries and frameworks.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves documentation from a maintained list of 68+ official sites and leverages several fallback patterns to fetch markdown content from GitHub, sitemaps, and technology-specific URLs (e.g., FastAPI, PostgreSQL, Stripe, AWS). These downloads are restricted to documentation-related text and indices.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from the internet.
      • Ingestion points: Fetches llms.txt, llms-full.txt, GitHub raw markdown files, and web search results (noted in SKILL.md and references/fallback-strategies.md).
      • Boundary markers: Absent; the instructions do not explicitly command the agent to ignore instructions that might be embedded within the fetched documentation text.
      • Capability inventory: Read-only access to project configuration files and web-fetching capabilities via standard tools.
      • Sanitization: The skill uses a targeted fetch approach to extract only relevant sections of documentation, though it lacks programmatic sanitization of the fetched text before context interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 08:07 PM