The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The reference documentation for Interop implementation provides examples for running local Model Context Protocol (MCP) servers using the npx -y command (e.g., npx -y @myorg/document-search-mcp). This pattern involves the dynamic download and execution of packages from the npm registry.
[PROMPT_INJECTION]: The skill is designed to create agents that ingest and process untrusted user data, creating a surface for indirect prompt injection.
Ingestion points: Data enters the agent context via the input_message parameter in runner templates (references/agent-implementation.md) and the query property in skill manifests (references/skill-manifest.md).
Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the provided templates.
Capability inventory: The resulting agents possess capabilities for shell command execution (via npx), network requests (via MCP/REST), and tool execution.
Sanitization: No sanitization or input validation logic is included in the implementation patterns.
[COMMAND_EXECUTION]: The guide includes patterns for invoking shell commands to initialize service transports, specifically using npx for Model Context Protocol servers.
[DATA_EXFILTRATION]: The skill templates instruct developers to read sensitive configuration such as authentication tokens (e.g., DOCUMENT_SEARCH_AUTH_TOKEN) from environment variables. While this follows secret management best practices, the access to credentials combined with the network capabilities of the interop clients represents a standard surface for potential data exfiltration if the agent's control flow is compromised.

agent-engineer