The Agent Skills Directory

[SAFE]: The skill is a documentation suite providing guidance for developers on creating extensions. It does not include executable code or perform any autonomous network or file operations.\n- [COMMAND_EXECUTION]: The guide includes examples of configuring local shell commands for event-driven automation (e.g., 'npm test' for validation, 'prettier' for formatting, and 'osascript' for notifications). These are provided as templates for user configuration and follow the principle of least privilege through 'allowed-tools' restrictions.\n- [PROMPT_INJECTION]: The documentation describes patterns for creating slash commands and subagents that process user input ($ARGUMENTS) or file content (@ references). Evidence Chain: 1. Ingestion points: $ARGUMENTS in commands.md and subagents.md. 2. Boundary markers: XML-based prompting structure is mandated for semantic isolation. 3. Capability inventory: Documentation covers tools such as Bash, Edit, Write, and SequentialThinking. 4. Sanitization: Instructions focus on structural correctness using XML tags to delineate user content from instructions.

extension-authoring