skills/rsamaium/rpg-js/rpgjs-studio/Gen Agent Trust Hub

rpgjs-studio

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl as its primary tool for interacting with the RPGJS Studio HTTP API. It constructs commands for CRUD operations on maps, events, and database records using provided references.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://rpgjs.studio (or a user-defined BASE_URL) to perform its content management tasks. It handles JSON payloads and multipart/form-data for file uploads.
  • [SAFE]: The instructions include proactive security measures, such as verifying the presence of the RPGSTUDIO_API_KEY environment variable without echoing its value and prohibiting the storage of secrets in the local RPGSTUDIO.md context file.
  • [DATA_EXFILTRATION]: The skill reads from a local configuration file (RPGSTUDIO.md) and environment variables to maintain project context (e.g., projectId, BASE_URL). This data is sent to the configured API endpoint as part of the intended functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the API (such as project lists and media IDs) to facilitate further actions. While this represents a standard attack surface for data-driven agents, the skill's narrow scope and structured API usage minimize the risk of malicious instruction injection from external data sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 01:41 AM