design1-service
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses a WebFetch mechanism to download ecosystem.yaml, credential-catalog.md, and trust-framework.md from user-provided HTTPS URLs. This allows the integration of external project data into the local environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from remote sources, which then guides the agent's logic in subsequent phases.
  - Ingestion points: Remote files are retrieved during the 'Ecosystem Import' phase (Phase 1b) using the WebFetch tool.
  - Boundary markers: The skill prepends an origin comment to imported files but does not implement specific delimiters or 'ignore' instructions to prevent the content of those files from being interpreted as instructions by the LLM.
  - Capability inventory: The agent has the capability to perform network fetches, glob-based file searches, and write files to the local docs/ directory.
  - Sanitization: While the skill validates that URLs are HTTPS and parses the YAML content, it lacks explicit sanitization of the ecosystem.name field extracted from the remote file. This field is used to construct the destination directory for file writes, posing a potential path traversal risk if the name contains navigation characters like ../.
Audit Metadata