writing-rubrics

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads external Node.js packages during the build and validation workflow. Evidence: SKILL.md instructions include npm ci, npx skillcheck, and npx agnix.
  • [REMOTE_CODE_EXECUTION]: The workflow executes third-party code, fetched from the npm registry, that does not come from a trusted source. Evidence: The skill uses npx agnix and npx skillcheck to execute tools at runtime.
  • [COMMAND_EXECUTION]: The skill performs various shell operations to manage dependencies and validate its output. Evidence: SKILL.md defines commands like npm ci, npm run build, and node packages/skillcheck/bin/skillcheck.js.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by reading and acting upon potentially untrusted markdown content found within the repository.
      1. Ingestion points: SKILL.md and review-prompt.md ingest content from all files matching */references/*rubric*.md.
      2. Boundary markers: No delimiters or explicit warnings to ignore instructions within the ingested files are present.
      3. Capability inventory: The agent possesses the capability to modify the file system and execute shell commands via node and npm.
      4. Sanitization: There is no evidence of content sanitization or validation of the rubric data before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 11:55 AM