javascript-typescript-typescript-scaffold

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands for environment setup and project initialization. This includes global installations (npm install -g pnpm), directory creation (mkdir project-name), and repository initialization (git init). It also uses scaffolding tools like pnpm create next-app and pnpm create vite, which perform network-based project generation.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8).
      • Ingestion points: Untrusted user requirements are ingested into the agent context through the $ARGUMENTS placeholder in the ## Requirements section of SKILL.md.
      • Boundary markers: There are no delimiters or instructions provided to isolate user input or warn the agent against executing embedded instructions found within the requirements.
      • Capability inventory: The skill provides instructions for performing file system operations, modifying configurations, and executing shell commands based on the ingested data.
      • Sanitization: No validation or sanitization logic is defined to check project names or parameters before they are used in shell command execution, potentially allowing for command injection if the agent does not apply its own safety filters.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 14, 2026, 10:17 AM