The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to manage and edit content stored in Git-backed Markdown, MDX, and JSON files. This content serves as an ingestion point for untrusted data that could influence agent behavior.
Ingestion points: Multiple directories including content/posts/, content/docs/, and content/pages/ as defined in the collection templates.
Boundary markers: No explicit delimiters or system instructions are provided in the schemas to isolate or ignore agent instructions embedded within the Markdown content.
Capability inventory: The skill allows the agent to execute shell commands via the TinaCMS CLI (tinacms dev, tinacms build) and perform local file system writes.
Sanitization: There is no evidence of input sanitization or filtering logic to detect or neutralize malicious instructions within the content files.
Command Execution (SAFE): The scripts/check-versions.sh script is a utility for local environment verification. While it uses node -e for dynamic JSON parsing and npm view for network-based version checks, these operations are limited to project maintenance and do not constitute an attack vector.
External Downloads (SAFE): Package dependencies in the provided package.json files reference standard, reputable libraries from the npm registry. The reference to next@^16.0.0 is treated as a future-dated placeholder consistent with the skill's 2025 timestamps rather than an unverifiable dependency.

tinacms