The Agent Skills Directory

[SAFE]: The skill consists of extensive documentation and reference files (35 reference guides and various core files) for the 'tsdown' library bundler. No malicious code, hidden instructions, or obfuscation techniques were identified within these files.\n- [COMMAND_EXECUTION]: The documentation describes standard build tool features such as the onSuccess CLI flag and lifecycle hooks (e.g., build:done) that allow for executing arbitrary shell commands or JavaScript code. While these are powerful capabilities, they are documented as legitimate features for automation and build-time tasks.\n- [EXTERNAL_DOWNLOADS]: The reference material guides the agent on installing dependencies from trusted registries (npm/pypi) and mentions official plugins from the 'rolldown' and 'sxzz' organizations. These references are neutral and informative, following standard developer tool patterns.\n- [INDIRECT_PROMPT_INJECTION]: As a build tool skill, it is designed to interact with and process user-provided source code and configuration files. This presents an inherent attack surface for indirect prompt injection (e.g., via malicious project configurations), but the skill itself does not contain any exploitable logic or bypass instructions.

tsdown