llm-wiki-bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs legitimate file system operations to create a specific directory structure and scaffold markdown files. This includes creating a .gitignore and a .vscode/settings.json file for editor configuration. These actions are limited to the user-specified wiki root and are essential for the skill's purpose.
  • [PROMPT_INJECTION]: The skill defines workflows for ingesting external content into a knowledge base, representing an indirect prompt injection surface. (1) Ingestion points: Files provided by the user in the raw/ directory (references/workflows/ingest.md). (2) Boundary markers: Absent; the agent reads source files directly without specified delimiters to isolate untrusted content from its instructions. (3) Capability inventory: The agent is authorized to create, read, and update markdown files within the wiki/ directory. (4) Sanitization: The workflow incorporates a human-in-the-loop checkpoint ('Discuss with User' in Step 2 of the ingestion workflow) to verify key takeaways before updates occur.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:23 AM