nodejs-development

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The REFERENCE.md file contains a command to start the Node.js inspector bound to all network interfaces (node --inspect=0.0.0.0:9229). This configuration allows any remote user with network access to the port to connect to the debugger and execute arbitrary JavaScript code with the privileges of the Node.js process.
  • [DATA_EXFILTRATION]: The REFERENCE.md file provides code to generate and save heap snapshots via v8.writeHeapSnapshot(). Heap snapshots contain a complete copy of the application's memory at a given time, which likely includes sensitive data such as session tokens, environment variables, API keys, and user-provided information.
  • [PROMPT_INJECTION]: The skill implements patterns for fetching data from external URLs (e.g., the useFetch composable) and rendering it within components, creating a surface for indirect prompt injection.
    • Ingestion points: Data is fetched from potentially untrusted sources via the fetch API in the useFetch composable and Pinia store actions in REFERENCE.md.
    • Boundary markers: There are no boundary markers or explicit 'ignore instructions' warnings implemented when processing or rendering the fetched data.
    • Capability inventory: The skill is granted extensive capabilities including Bash, Write, Edit, and WebFetch.
    • Sanitization: While mentioned as a general best practice in SKILL.md, there is no specific sanitization or validation logic implemented in the provided code snippets to prevent malicious data from influencing the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 07:03 PM