The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands including npm install, npm run dev, and npm run build within the newly created project directory.
[EXTERNAL_DOWNLOADS]: The skill fetches external content from Twitter/X via the fetch-tweet skill when a URL is provided as an argument.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where data from external tweets is used to influence game logic and code generation. * Ingestion points: Tweet content fetched from external URLs via fetch-tweet in SKILL.md. * Boundary markers: No delimiters or safety instructions are used to isolate the tweet content from the generation prompt. * Capability inventory: The skill can execute shell commands, perform file system operations, and launch subagents via the Task skill. * Sanitization: No evidence of filtering or validation of the fetched tweet content before it is passed to the game concept abstraction step.
[REMOTE_CODE_EXECUTION]: Running npm install and npm run build on a scaffolded project involves executing external code dependencies from the NPM registry.
[CREDENTIALS_UNSAFE]: The skill requests a MESHY_API_KEY from the user and stores it for subsequent 3D asset generation tasks.

quick-game