cleanddd-dotnet-init

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill performs an external download by executing dotnet new install NetCorePal.Template. This command fetches a template package from the public NuGet gallery, and the command as shown does not pin a version, so whatever version is current at install time is what gets pulled. Template packages can contain arbitrary files and build-time scripts that execute locally during project generation or compilation, so the machine running the skill is trusting the package publisher and the NuGet feed.
  • COMMAND_EXECUTION (LOW): The interactive_init.py script uses subprocess.run to execute the .NET CLI. It passes list-based arguments rather than shell=True, so parameters are never interpreted by a shell and shell metacharacters in a parameter cannot split the command. That does not make the parameters inert: each one is still handed to the dotnet CLI verbatim, and the skill performs significant system modifications, including directory creation and project scaffolding, driven by those input parameters.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exposes a surface for indirect prompt injection via the IncludeCopilotInstructions parameter. This flag writes instruction content into the generated codebase that is intended to influence downstream AI agents (such as GitHub Copilot) that later process the project files.
  • Ingestion points: scripts/interactive_init.py (via --IncludeCopilotInstructions flag).
  • Boundary markers: None (instructions are integrated directly into the generated project structure).
  • Capability inventory: subprocess.run (execution of dotnet CLI), filesystem writes.
  • Sanitization: No sanitization is performed on the instructions included in the template output.
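The two command-execution points above (list-form subprocess arguments versus a shell string, and the unpinned template install) and the agent-instruction surface, as an added example in Python. This is illustrative code written for this page, not the skill's own interactive_init.py. It assumes a template short name (netcorepal-web), a project-name allow-list and an output-directory check that the audit does not specify, and the agent-instruction file names it sweeps for are common conventions, not the files the template actually emits; nothing here contacts NuGet or runs dotnet unless dry_run is turned off.

```python
import re
import shlex
import subprocess
import tempfile
from pathlib import Path
from typing import Optional

# Package id is from the audited command. The short name is an ASSUMPTION:
# the audit never names the template that `dotnet new` is invoked with.
TEMPLATE_PACKAGE = "NetCorePal.Template"
TEMPLATE_SHORT_NAME = "netcorepal-web"

# ASSUMED allow-list for a project name: identifier-like, no shell metacharacters,
# no path separators, no leading '-' (which the CLI would parse as an option).
SAFE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.]{0,63}$")

# ASSUMED file names that coding agents read as instructions. The audit does not
# say which files --IncludeCopilotInstructions emits; this is a reviewer's sweep.
AGENT_INSTRUCTION_FILES = (
    ".github/copilot-instructions.md",
    "AGENTS.md",
    "CLAUDE.md",
    ".cursorrules",
)


def shell_form_tokens(name: str) -> list[str]:
    """The shell=True anti-pattern: the name is spliced into one string that a
    shell tokenizes. Returns the shell's view of it instead of executing it."""
    cmd = f"dotnet new {TEMPLATE_SHORT_NAME} -n {name}"
    return shlex.split(cmd)


def list_form_argv(name: str) -> list[str]:
    """What the audit credits the script with: one argv element per argument,
    so the name stays a single element whatever characters it contains."""
    return ["dotnet", "new", TEMPLATE_SHORT_NAME, "-n", name]


def install_args(version: Optional[str] = None) -> list[str]:
    """argv for `dotnet new install`. With a version, uses the CLI's
    package::version form so a newer upstream release is not pulled silently."""
    spec = TEMPLATE_PACKAGE if version is None else f"{TEMPLATE_PACKAGE}::{version}"
    return ["dotnet", "new", "install", spec]


def scaffold_args(name: str, output_dir: str, include_copilot: bool = False) -> list[str]:
    """argv for project generation. List form blocks shell injection; the
    allow-list blocks values that survive list form but still mislead the CLI
    (a leading '-', a path escape in the output directory)."""
    if not SAFE_NAME.match(name):
        raise ValueError(f"rejected project name: {name!r}")
    out = Path(output_dir)
    if ".." in out.parts:
        raise ValueError(f"rejected output dir: {output_dir!r}")
    args = ["dotnet", "new", TEMPLATE_SHORT_NAME, "-n", name, "-o", str(out)]
    if include_copilot:
        # Flag named in the audit; its output should be reviewed before an
        # agent is pointed at the generated project.
        args.append("--IncludeCopilotInstructions")
    return args


def run(args: list[str], dry_run: bool = True) -> int:
    """Execute without a shell. dry_run keeps this example from touching the
    machine; flip it to actually invoke dotnet."""
    if dry_run:
        return 0
    return subprocess.run(args, check=False).returncode


def find_agent_instruction_files(project_root: str) -> list[str]:
    """Enumerate instruction files an agent would consume from the generated
    tree, so they can be read before any agent processes the project."""
    root = Path(project_root)
    return [rel for rel in AGENT_INSTRUCTION_FILES if (root / rel).is_file()]


def make_sample_project() -> str:
    """Constructed sample tree standing in for a scaffolded project."""
    root = Path(tempfile.mkdtemp(prefix="netcorepal-audit-"))
    (root / ".github").mkdir()
    (root / ".github" / "copilot-instructions.md").write_text(
        "# constructed sample: text an agent would read as instructions\n",
        encoding="utf-8",
    )
    (root / "Program.cs").write_text("// placeholder\n", encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    hostile = "Foo; rm -rf ~"
    print("shell form sees:", shell_form_tokens(hostile))
    print("list form sees: ", list_form_argv(hostile))
    print("pinned install: ", install_args("1.2.3"))
    print("sweep found:    ", find_agent_instruction_files(make_sample_project()))
```

Running the script prints the shell's tokenization of the hostile name next to the list-form argv: the first yields separate rm and -rf tokens, the second keeps the whole string as one element. scaffold_args then rejects that same name and a leading-dash name outright, which is the layer the audit's "based on input parameters" remark is pointing at.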
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:32 PM