skills/schoi80/antigravity-awesome-skills/javascript-typescript-typescript-scaffold/Gen Agent Trust Hub
javascript-typescript-typescript-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute various shell commands including 'mkdir', 'npm install', 'pnpm create', and 'git init'. While these are necessary for the skill's purpose, they represent a capability that could be abused if parameters are not carefully handled by the agent.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill downloads 'pnpm' and project templates from the official npm registry. These are trusted sources for web development tooling.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection via the '$ARGUMENTS' field. An attacker could provide malicious project requirements designed to trick the agent into executing unintended shell commands or generating backdoored configuration files.
  - Ingestion points: User-provided requirements and the '$ARGUMENTS' placeholder.
  - Boundary markers: No specific delimiters are used to wrap or sanitize user-provided project names or descriptions before they are used in command templates.
  - Capability inventory: Shell execution (mkdir, npm, pnpm, git) and file writing (package.json, tsconfig.json, .eslintrc.json) across all scaffolding instructions.
  - Sanitization: No explicit sanitization or input validation logic is present in the skill instructions.
Audit Metadata