The Agent Skills Directory

[PROMPT_INJECTION]: The skill includes a code template for a self-hosted remote cache server that contains a vulnerability surface for indirect injection and path traversal.
Ingestion points: The Express.js server template in SKILL.md directly uses req.params.hash and req.query.teamId to construct file paths.
Boundary markers: There are no delimiters or instructions provided to the agent or system to ignore potentially malicious content within the cached artifacts.
Capability inventory: The template utilizes fs.createReadStream, fs.createWriteStream, and fs.promises.mkdir for file system operations based on the untrusted input.
Sanitization: The template does not include any sanitization, validation, or path normalization for the hash or team variables, which could allow an attacker to read or write files outside the intended cache directory via path traversal (e.g., using ../).
[EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted tools, including Vercel's Turborepo, GitHub Actions (actions/checkout, actions/setup-node), and standard Node.js package managers. These references are documented neutrally as they originate from trusted or well-known organizations.

turborepo-caching