The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires installation of the official @nimble-way/nimble-cli package from NPM. This is a vendor-controlled resource and is documented as a prerequisite for the skill's functionality.
[COMMAND_EXECUTION]: The skill executes nimble commands via Bash to interact with the Nimble API for web search and content extraction. This is the primary intended behavior of the skill.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the live web. * Ingestion points: Web content retrieved via nimble search, nimble extract, and nimble crawl commands in SKILL.md. * Boundary markers: Absent; there are no instructions to wrap tool outputs in specific delimiters to prevent the agent from obeying embedded instructions. * Capability inventory: The skill utilizes Bash(nimble *) to fetch web data and execute further commands. * Sanitization: The skill uses the --parse --format markdown flag which strips raw HTML tags, providing cleaner input for the LLM but not filtering potential malicious instructions within the text content.
[CREDENTIALS_UNSAFE]: The documentation describes how to set the NIMBLE_API_KEY environment variable and store it in ~/.claude/settings.json. While this involves a secret key, the instructions follow standard patterns for tool authentication and do not expose any hardcoded credentials.

nimble-web-tools