mcp-server-dev

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via ingestion of docs/PRD.md and docs/mcp-tool-registry.yaml. While it lacks explicit boundary markers for these inputs, the capability inventory is limited to implementation and testing tasks. Sanitization is addressed by mandating strict schema validation and filesystem sandboxing in the generated tool code.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run local development scripts such as ./scripts/smoke-test.sh and standard utilities like npx tsc and mypy to validate the server implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:32 AM