The Agent Skills Directory

Local Package Execution: The skill utilizes npx to initialize the Vercel emulation service. This involves downloading and executing packages from the npm registry, which is a standard method for utilizing development utilities but serves as an external code entry point.
Local Network Operations: The instructions specify the use of curl and fetch to interact with services running on localhost. These operations are necessary for emulating API responses and managing project configurations locally.
Sensitive Data Handling: The skill demonstrates how to manage environment variables and authentication tokens (e.g., API_KEY, DATABASE_URL) through the emulated API. While the provided examples use placeholders and target local endpoints, this pattern involves the handling of potentially sensitive configuration data.
Indirect Prompt Injection Surface: The skill processes data returned from the emulated API endpoints.
Ingestion points: Data enters the agent context through curl output and fetch responses within SKILL.md instructions.
Boundary markers: Explicit delimiters or warnings to ignore instructions embedded in the API responses are absent.
Capability inventory: The skill uses Bash for command execution and network requests.
Sanitization: There is no explicit evidence of sanitization for the content received from the emulated service before it is processed by the agent.

vercel