The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by combining external data ingestion with shell execution capabilities.
Ingestion points: The skill uses WebFetch to retrieve content from dfinity.github.io and github.com/dfinity/icp-cli.
Boundary markers: Absent; there are no instructions to the agent to treat fetched content as untrusted or to ignore embedded instructions.
Capability inventory: The agent has access to the Shell tool, enabling it to run icp CLI commands and system utilities like kill and lsof.
Sanitization: Absent; the skill does not define any validation or filtering for the data fetched from external URLs before it influences the agent's logic or command generation.
[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill fetches documentation and potentially repo context from sources outside the [TRUST-SCOPE-RULE] (dfinity.github.io). While these are official project pages, they are not on the pre-approved whitelist, making them unverifiable in a strict security context.
[Privilege Escalation] (MEDIUM): The skill provides instructions for the agent to use the kill command based on lsof output. While intended for troubleshooting port conflicts, this grants the agent the capability to terminate arbitrary system processes.

icp-cli-usage