project-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, INDIRECT_PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md guide the agent to identify and execute build, test, and linting commands discovered in project manifests (e.g., npm run dev, cargo build). While it includes safeguards such as advising the use of --help flags for verification and requiring user permission before running full builds, executing arbitrary commands found in a codebase carries risk.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from untrusted sources within a repository.
    • Ingestion points: Reads files such as package.json, README.md, pyproject.toml, and other project manifests as specified in SKILL.md.
    • Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded prompts within the files being read.
    • Capability inventory: The skill utilizes Bash, Write, and Read tools, allowing it to execute commands and modify files based on its analysis.
    • Sanitization: No explicit sanitization or validation of the content read from files is performed before processing or displaying summaries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:04 PM