validate-idea

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bash scripts to manage telemetry settings and log events to the user's home directory (~/.superstack). It also instructs the agent to run the bird CLI tool, which introduces potential shell argument injection risks if user-provided keywords are not sanitized before execution.
  • [EXTERNAL_DOWNLOADS]: The skill invokes npx bird, which downloads and executes the bird package from the npm registry at runtime. This package is not from a verified or trusted organization listed in the security guidelines.
  • [DATA_EXFILTRATION]: A telemetry mechanism is present that sends skill usage metadata (status, version, platform) to a remote URL (_CONVEX_URL) via curl POST requests. While the skill requests user consent, this establishes an outbound communication channel to an endpoint configured in the local environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and processes .superstack/idea-context.md, an external file provided by the user or a prior phase.
      • Ingestion points: The file .superstack/idea-context.md is loaded in the first step of the workflow to extract the startup idea for validation.
      • Boundary markers: Absent; the content is loaded directly into the agent's context without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill can execute shell commands (bash), perform network requests (curl, npx), and write files to the local filesystem.
      • Sanitization: No evidence of sanitization or validation of the input idea context is present.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 03:26 PM