The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Fetches missing reference files from the author's GitHub repository at https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}. This is a vendor-owned resource but involves fetching configuration from a remote source if local files are missing.\n- [COMMAND_EXECUTION]: Executes a variety of build and dependency restoration tools including npm, yarn, pnpm, dotnet, pip, poetry, go, cargo, mvn, and gradle based on detected project types in the local environment.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing external data and using it to drive execution.\n
Ingestion points: Reads project-specific files such as package.json, pyproject.toml, Cargo.toml, pom.xml, and build.gradle (SKILL.md) to determine project types and build steps.\n
Boundary markers: No specific delimiters or instructions to ignore embedded malicious content (like instructions within package.json scripts) are present in the skill's workflow.\n
Capability inventory: Executes shell commands and build processes through the Monitor or Bash tools, providing a path for execution of malicious scripts defined in ingested files.\n
Sanitization: Lacks explicit validation or sanitization for the content of the ingested configuration files before executing the related build and restoration commands.

ln-781-build-verifier