skill-research-process

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (init_skill.py and package_skill.py) to initialize directory structures and validate the final skill package. These scripts are located in the plugins/plugin-creator directory and are part of the intended developer workflow.
  • [EXTERNAL_DOWNLOADS]: The research process uses several tools to download content from the web, including WebFetch for scoping and mcp__Ref or mcp__exa for extracting documentation and code samples. It also suggests using the GitHub CLI (gh) and git clone for repository analysis.
  • [PROMPT_INJECTION]: As a research orchestrator that processes untrusted data from external sources, the skill exposes an indirect prompt injection surface. Malicious content on researched documentation sites could theoretically influence the behavior of the research sub-agents or be inadvertently included in the resulting skill code.
  • [SAFE]: The skill implements several security-positive patterns, such as mandatory citation formats (Source URL + Access Date), explicit anti-hallucination checkpoints to prevent reliance on training data, and multiple 'Quality Gates' to verify that research is distinct and complete.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 08:40 AM