update-dependencies

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes multiple package manager commands (e.g., npm, yarn, cargo, pip, go, bundle) to resolve dependencies and run project-specific tasks like tests, builds, and linting suites.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Utilizes npx to download and execute automated migration tools including react-codemod, @next/codemod, jest-codemods, and ng update. It also modifies manifest files to update package versions, which triggers remote package installations from public registries.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests and acts upon untrusted web data:
      • Ingestion points: Phase 3 uses WebSearch and WebFetch to retrieve migration guides and breaking-change documentation from arbitrary external websites.
      • Boundary markers: The skill does not define specific delimiters or instructions to distinguish untrusted web content from its own logic.
      • Capability inventory: The agent can modify the local codebase using the Edit tool, install dependencies, and execute shell commands based on findings from the research phase.
      • Sanitization: There is no evidence of sanitization or structural validation performed on the retrieved web content before it influences the agent's actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 11:00 PM