The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill includes documentation and scripts with hardcoded default credentials used for local development setup.
Evidence: SKILL.md contains an example command drush site:install standard --site-name="My Site" --account-name=admin --account-pass=admin. references/config-yaml.md includes a hook example exec: drush user:password admin "admin".
[COMMAND_EXECUTION]: The skill provides instructions for creating custom shell scripts, making them executable, and utilizing automated lifecycle hooks that run arbitrary commands in the container.
Evidence: SKILL.md demonstrates creating .ddev/commands/web/fresh-install and running chmod +x. references/config-yaml.md outlines multiple hooks (post-start, post-import-db) using exec to run commands inside the web container.
[EXTERNAL_DOWNLOADS]: The skill documentation includes procedures for downloading project dependencies and core software from external sources.
Evidence: SKILL.md lists commands like ddev composer create drupal/recommended-project and git clone repo-url for project initialization.
[PROMPT_INJECTION]: The skill features capabilities that ingest untrusted external data, forming a surface for indirect prompt injection.
Ingestion points: The skill uses ddev import-db and ddev import-files to bring external database snapshots and file archives into the active environment context.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided templates for data ingestion.
Capability inventory: The skill utilizes extensive capabilities including shell access via ddev ssh, database management via drush, and automated script execution via DDEV hooks.
Sanitization: SKILL.md mentions ddev drush sql-sanitize -y as an optional step to clean database content, which is a best practice for privacy but does not fully mitigate prompt injection risks.

drupal-ddev