The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill proactively fetches content from over 30 official Anthropic and Model Context Protocol (MCP) sources. This includes blogs, documentation, and GitHub repositories such as anthropics/claude-code and modelcontextprotocol/modelcontextprotocol. These operations are performed to monitor for ecosystem changes and are directed at trusted or well-known technology organizations.
[COMMAND_EXECUTION]: Several workflows and scripts utilize system commands to perform their functions:
curl is used to send JSON notifications to a local endpoint (http://localhost:8888/notify) for voice feedback.
yt-dlp is executed to retrieve metadata and video IDs from configured YouTube channels.
bun is used to run various local TypeScript tools, including Anthropic.ts, LoadSkillConfig.ts, and GetTranscript.ts.
Standard shell utilities like cat and head are used for state management and configuration loading.
[PROMPT_INJECTION]: The skill implements a 'Customization Layer' that searches for and applies configurations from ~/.opencode/skills/CORE/USER/SKILLCUSTOMIZATIONS/PAIUpgrade/. Instructions specify that resources found in this directory override default skill behavior. Additionally, the skill's 'Content Analysis Mode' is designed to ingest and process any content (URLs, files, transcripts) to generate system recommendations, which constitutes a surface for indirect prompt injection (Category 8).
Ingestion points: External blogs, GitHub commits, and YouTube transcripts are processed via Tools/Anthropic.ts and the CheckForUpgrades workflow.
Boundary markers: The tool output uses structured Markdown headers for reporting, though it lacks explicit 'ignore instructions' delimiters for the ingested content itself.
Capability inventory: The skill can execute local commands (bun, yt-dlp, curl) and write to its own state and log files.
Sanitization: Tools/Anthropic.ts performs basic HTML tag stripping using regex when extracting titles from blogs.

PAIUpgrade