ty
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for the ty tool using standalone scripts from astral.sh (e.g., curl -LsSf https://astral.sh/ty/install.sh | sh). These are official distribution channels for a well-known vendor in the Python ecosystem.
- [COMMAND_EXECUTION]: The SKILL.md file uses dynamic context injection (!ty --version) to retrieve the installed version of the tool at load time. This is a legitimate and safe use of the platform's dynamic context features for capability discovery.
- [DATA_EXFILTRATION]: The sync_ty_releases.py script performs network requests to the GitHub API (api.github.com) to retrieve release information. This activity is transparently documented and restricted to a well-known, trusted service.
- [PROMPT_INJECTION]: The sync_ty_releases.py script ingests data from an external source (GitHub Releases) and updates SKILL.md, creating an indirect prompt injection surface. This is evaluated as safe based on the following:
  1. Ingestion points: astral-sh/ty GitHub releases API.
  2. Boundary markers: Content is isolated within the Version Information section of SKILL.md.
  3. Capability inventory: The skill has network access (httpx) and file system access (write_text).
  4. Sanitization: The script uses specific regex patterns to extract feature highlights rather than performing raw ingestion of untrusted markdown.
Audit Metadata