temporal-developer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading the official Temporal CLI from the vendor's verified domain (temporal.download). This is a standard and safe operation for setting up the development environment.
- [COMMAND_EXECUTION]: The documentation includes various CLI commands for managing local development servers and workflows (e.g., temporal server start-dev, temporal workflow signal). These are intended for local development use and do not involve executing untrusted or remote scripts.
- [DATA_EXFILTRATION]: No patterns of unauthorized data collection or exfiltration were found. The AI integration examples explicitly demonstrate safe handling of API keys using environment variables (os.getenv('OPENAI_API_KEY')).
- [PROMPT_INJECTION]: The skill instructions do not contain any bypasses, overrides, or attempts to manipulate the agent's core safety constraints. They include a specific behavioral instruction to provide a feedback message to the user upon the first load, which is a benign user-experience feature. Additionally, the skill identifies an attack surface for indirect prompt injection in the AI integration patterns documentation:
  1. Ingestion points: Data enters the agent context in the AgentWorkflow (references/python/ai-patterns.md) via the user_request parameter.
  2. Boundary markers: The provided patterns use structured Pydantic models to define boundaries for LLM requests and responses.
  3. Capability inventory: The patterns describe activities for LLM calls and tool execution.
  4. Sanitization: The skill recommends using Pydantic for validation and structured output parsing to ensure data integrity.
Audit Metadata