drupal-expert
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides detailed and accurate guidance on Drupal security, specifically emphasizing the use of parameterized database queries to prevent SQL injection and the sanitization of user-facing strings to prevent XSS.
- [COMMAND_EXECUTION]: The skill integrates standard CLI workflows for Drupal development, including the use of Drush for code generation and site management. These commands are localized to the development environment and follow established community standards.
- [EXTERNAL_DOWNLOADS]: The skill references downloading and researching modules from the official drupal.org repository and using Composer for dependency management, both of which are trusted and well-known services.
- [PROMPT_INJECTION]: The skill describes an 'Inside-Out' development approach that involves reading local project files to gather context for code generation. This is identified as a potential surface for indirect prompt injection if a local codebase contains malicious instructions.
  - Ingestion points: Local module files (src/, config/, services.yml).
  - Boundary markers: None specified for the analysis of local files.
  - Capability inventory: Execution of local Drush commands and PHP file scaffolding.
  - Sanitization: No explicit sanitization or filtering of the codebase context is described.