The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill provides templates for AI functions and tools that process untrusted natural language input, creating a potential surface for indirect prompt injection.
Ingestion points: The prompt parameter in generateText, streamText, and generateObject templates, as well as the inputSchema for custom tools.
Boundary markers: None are specified or implemented in the provided templates to delimit untrusted input.
Capability inventory: The skill environment supports network operations (AI provider API calls), file system writes (save-audio.ts), and local command execution (pnpm tsx).
Sanitization: No explicit sanitization or validation logic is included in the templates for interpolated prompts.
Data Exposure (SAFE): The skill mentions a run.ts utility that loads environment variables from a .env file. This is a standard practice for local development and no exfiltration patterns or hardcoded credentials were found.
Command Execution (SAFE): The documentation includes commands to run scripts via pnpm tsx. These are standard developer operations and do not represent unauthorized privilege escalation or malicious persistence.

develop-ai-functions-example