NYC

sveltia-cms

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (LOW): The skill's HTML templates (e.g., templates/hugo/index.html) load the CMS logic via a remote script tag from unpkg.com. While this is the core intended functionality, it constitutes remote code execution from a source outside the defined trusted organizations.
  • EXTERNAL_DOWNLOADS (LOW): The setup guide (setup-guide.md) and version check script (check-versions.sh) reference and download external resources, including the @sveltia/cms npm package and the sveltia-cms-auth GitHub repository. These are necessary for the skill's primary purpose but are hosted on non-trusted third-party platforms.
  • PROMPT_INJECTION (LOW): As a CMS integration, the skill establishes an ingestion surface for untrusted data (Markdown and YAML content). This creates a vulnerability to Indirect Prompt Injection (Category 8) if an AI agent later processes the content managed by this CMS.
      ◦ Ingestion points: Content folders defined in config.yml templates (e.g., content/posts, src/posts).
      ◦ Boundary markers: Absent in the provided Markdown templates.
      ◦ Capability inventory: File writing via init-sveltia.sh and network requests via check-versions.sh.
      ◦ Sanitization: No explicit sanitization or validation of the managed content is implemented within the skill templates.
  • COMMAND_EXECUTION (SAFE): The included shell scripts use secure practices, such as quoted heredocs ('EOF') in init-sveltia.sh, to ensure that user-provided variables (like repository names) are not evaluated as commands during file generation.
  • CREDENTIALS_UNSAFE (SAFE): The documentation correctly instructs users to use npx wrangler secret put for handling GitHub OAuth secrets, preventing accidental exposure of sensitive credentials in code or configuration files.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 05:59 PM