skill-staleness-check

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local maintenance scripts (scripts/sync-skills.mjs) and the GitHub CLI (gh) to perform repository operations such as checking staleness, updating versions, and managing pull requests. These actions are fundamental to the skill's primary purpose of repository synchronization.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API to fetch file diffs and repository metadata from TanStack's official repositories. These operations are performed within the vendor's own ecosystem to verify the necessity of skill updates.
  • [PROMPT_INJECTION]: The skill ingests external data from a webhook payload (package name, commit SHA, and changed files) to trigger its workflow. This represents an indirect prompt injection surface where attacker-controlled commit metadata could theoretically influence the agent's file processing path.
      ◦ Ingestion points: Webhook payload data processed in Step 1.
      ◦ Boundary markers: None explicitly defined in the instruction text.
      ◦ Capability inventory: File system read/write, network access (GitHub API), local script execution, and git branch/PR creation.
      ◦ Sanitization: Logic matches changed files against predefined sources lists within local skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 11:02 AM