The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The inkeep add command pulls project templates and MCP server code from the official Inkeep GitHub repository (github.com/inkeep/agents). This is an intended feature for bootstrapping agent projects.
[COMMAND_EXECUTION]: The inkeep update command executes shell commands via package managers (npm, pnpm, yarn, bun) to manage the CLI version. The documentation includes instructions for using sudo to resolve permission issues during global installations.
[REMOTE_CODE_EXECUTION]: The SDK supports functionTool definitions that execute JavaScript code within isolated sandboxes. These tools can load dependencies from the project's environment using require(), which is necessary for integrating custom business logic and third-party APIs.
[PROMPT_INJECTION]: The documentation describes how to ingest data from external webhooks and HTTP headers. This creates an indirect prompt injection surface. The SDK mitigates this by providing built-in support for Zod schemas to validate and structure incoming data.
[PROMPT_INJECTION]: Indirect injection analysis:
Ingestion points: Untrusted data enters the agent context through webhook triggers (webhooks-triggers-overview.md), HTTP headers (headers-passing-context.md), and context fetchers (context-fetchers-overview.md).
Boundary markers: The system utilizes {{placeholder}} template syntax for data interpolation into prompts.
Capability inventory: Agents can execute arbitrary logic in sandboxes (functionTool), perform network requests, and interact with external systems via MCP tools.
Sanitization: The SDK enforces structured data validation using Zod and JSON Schema to ensure incoming payloads match expected formats before processing.

typescript-sdk