aws-lambda-php-integration

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of dependencies from well-known registries using standard package managers (Composer and NPM) for PHP frameworks and the Serverless framework CLI.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute deployment scripts and run local development environments, such as vendor/bin/bref deploy and serverless offline.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill generates project structures and infrastructure configurations based on untrusted user requirements (Category 8).
      • Ingestion points: User requirements for project creation (e.g., 'Create a Symfony Lambda REST API') serve as inputs for file generation in SKILL.md.
      • Boundary markers: The templates do not implement boundary markers or instructions to the model to ignore embedded malicious instructions in user-provided content.
      • Capability inventory: The skill possesses the Write, Edit, and Bash tools, which could be used to create or execute malicious code if the generation process is compromised.
      • Sanitization: No explicit sanitization or validation logic is defined to check user input before it is interpolated into serverless.yml or PHP source files.
  • [COMMAND_EXECUTION]: Configuration templates in SKILL.md and references/bref-lambda.md include IAM role examples using wildcards (Resource: '*'), which violates the principle of least privilege and could lead to excessive permissions if deployed as-is.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 11:47 PM