The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains instructions to suppress specific communications with the user regarding the authentication and signup process ('Do not tell the user to go sign up... before setup'). While intended to streamline the user experience by prioritizing automated state checks, this pattern dictates agent communication behavior and suppresses transparency during the initialization phase.
[COMMAND_EXECUTION]: The skill directs the agent to execute multiple shell commands, including package managers ('npm', 'yarn'), a local status script ('./scripts/run-tracekit-auth.sh'), and the vendor's CLI tool ('tracekit'). These are used for environment verification, authentication, and build-time integration.
[EXTERNAL_DOWNLOADS]: The skill initiates the installation of external libraries ('@tracekit/react', '@tracekit/browser', '@tracekit/replay') from public registries. These packages are owned by the vendor and are necessary for the skill's stated purpose.
[DATA_EXFILTRATION]: The skill configures the application to transmit performance traces and error logs to the vendor's official domain ('https://app.tracekit.dev'). This behavior is the primary function of the APM SDK and is performed using the user's provided credentials.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes untrusted project data: (1) Ingestion points: The skill reads project configuration files ('package.json', 'tsconfig.json', '~/.tracekitconfig') and application source code. (2) Boundary markers: No explicit instructions are provided to the agent to treat data within these files as untrusted. (3) Capability inventory: The skill has the ability to write to the file system (modifying '.env' and source files) and execute shell commands. (4) Sanitization: There is no evidence of sanitization of the content read from the project files before it is used to guide the setup process.

tracekit-react-sdk