add
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill fetches a remote 'SKILL.md' file and asks the agent to analyze its content to suggest configuration parameters, creating a vulnerability to indirect prompt injection.
  * Ingestion points: Content fetched from a GitHub repository via 'gh api' (SKILL.md).
  * Boundary markers: No delimiters are used to separate the external content from the agent's internal instructions.
  * Capability inventory: The skill can read and modify the local '~/.config/harness/manifest.json' file.
  * Sanitization: No sanitization is performed on the retrieved content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the GitHub API and suggests commands for the user to run.
  * Uses 'gh api' and 'base64 --decode' to retrieve and process remote file content.
  * Suggests the use of 'npx skills search' and '/harness:install' to the user.
- [EXTERNAL_DOWNLOADS]: The skill downloads content from external GitHub repositories and suggests the use of npm packages.
  * Fetches 'SKILL.md' files from user-specified repositories on 'github.com'.
  * Suggests the use of the 'skills' package via 'npx'.
Audit Metadata