project-bootstrapping

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a Bash tool to perform project initialization tasks such as git init and npm init. While these are standard developer workflows, the ability to execute shell commands is a sensitive capability that requires caution.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from existing projects during its discovery phase.
      • Ingestion points: The Read and Glob tools are used to analyze the existing structure of a project, potentially reading files like READMEs or configuration files provided by a user.
      • Boundary markers: The instructions do not define clear boundaries or 'ignore' rules for content found within the files it reads, making it possible for malicious instructions in those files to be followed by the agent.
      • Capability inventory: The skill possesses powerful tools including Bash for command execution, as well as Write and Edit for modifying the filesystem.
      • Sanitization: There is no mention of sanitizing or validating the contents of the files being read before the agent acts upon the information they contain.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:46 PM