The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill initiates the download and installation of external software components.
Fetches and installs the @leeguoo/yapi-mcp package globally using npm.
Installs a skill extension from the leeguooooo/cross-request-master GitHub repository.
Installs the agent-browser-stealth runtime for browser automation tasks.
[REMOTE_CODE_EXECUTION]: Executes code provided by external registries or repositories.
Uses npx to dynamically execute the @leeguoo/yapi-mcp package.
Contains a yapi self-update command, which is a mechanism for downloading and executing new versions of the CLI tool.
[COMMAND_EXECUTION]: Performs several shell-level operations to manage the environment and user data.
Uses rg (ripgrep) to programmatically read and extract values from local configuration files.
Invokes the yapi command-line interface for complex tasks like synchronization and authentication.
[DATA_EXFILTRATION]: Accesses and processes sensitive credential and configuration stores.
Reads authentication secrets and tokens from ~/.yapi/config.toml and ~/.yapi-mcp/auth-*.json.
Transmits local documentation content to remote YApi servers via the docs-sync functionality.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core documentation processing logic.
Ingestion points: Fetches raw interface documentation and search results from potentially untrusted YApi servers using yapi search and yapi interface get (SKILL.md).
Boundary markers: No delimiters or protective instructions are used when passing external documentation content to the agent for summarization.
Capability inventory: The agent has the ability to execute shell commands, install global packages, and write files to the system.
Sanitization: No evidence of validation or sanitization of the fetched JSON/Markdown documentation before processing.

yapi