documentation-specialist
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and embeds JavaScript libraries (marked.js, highlight.js, mermaid.js) from public CDNs such as unpkg.com and cdn.jsdelivr.net to enable interactive features in generated HTML manuals. Evidence found in references/domains/manual-generation/scripts/bundle-libraries.md and references/domains/manual-generation/templates/tiddlywiki-shell.html.
- [COMMAND_EXECUTION]: Executes various CLI tools (pandoc, soffice, pdftoppm) and manages local development servers for screenshot capture. It also programmatically creates and installs a LibreOffice macro file (Module1.xba) in the user's configuration directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/) to automate Excel recalculations. Evidence found in references/domains/document-formats/xlsx/recalc.py.
- [PROMPT_INJECTION]: Ingests a large volume of untrusted data from the local project, including source code, README files, and git logs. This content is interpolated into sub-agent prompts without robust sanitization or strict boundary markers, creating a vulnerability to indirect prompt injection where instructions embedded in the documentation could manipulate agent actions via tools like Bash and Write. Evidence found throughout references/domains/compliance-copyright/ phases and references/domains/manual-generation/ phases.
- [REMOTE_CODE_EXECUTION]: Uses dynamic path manipulation and module loading (sys.path injection and dynamic import) to load application instances from the documented project during the API extraction phase. This behavior allows for the execution of arbitrary code found within the documented project's source tree during the documentation generation process. Evidence found in references/domains/manual-generation/scripts/extract_apis.py.
Audit Metadata