skills/midudev/autoskills/clerk-swift/Gen Agent Trust Hub

clerk-swift

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface. The skill requires the agent to find a quickstart URL within the clerk-ios package documentation, append .md to it, and follow the instructions contained in the resulting remote markdown file to modify the project. This creates a trust chain vulnerability where compromised remote documentation could be used to inject malicious instructions into the agent's workflow.
      ◦ Ingestion points: Remote markdown files fetched from URLs discovered in the clerk-ios package's README.md (as specified in SKILL.md Execution Gate 8).
      ◦ Boundary markers: None; the skill does not instruct the agent to use delimiters or to ignore potentially malicious instructions within the fetched content.
      ◦ Capability inventory: The skill empowers the agent to perform package installations, modify Xcode project configurations (e.g., adding Associated Domains and app capabilities), and perform file system edits.
      ◦ Sanitization: None; the agent is directed to "implement it before completing the task" based on the checklist compiled from the remote source.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations using the WebFetch tool to retrieve remote documentation and to interact with the Clerk API (/v1/environment) to fetch environment configuration and gate feature availability.
  • [COMMAND_EXECUTION]: The skill directs the agent to perform system-level project modifications, including installing the clerk-ios package and configuring iOS-specific capabilities (such as Sign in with Apple and Associated Domains) based on the project's state and instructions retrieved from remote sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 05:01 AM