The Agent Skills Directory

[PROMPT_INJECTION]: The skill's core workflow involves inspecting existing .py or .sh files in the user's workspace to facilitate conversion or repair. This ingestion of untrusted data represents an indirect prompt injection surface where a malicious script could influence the agent's behavior during the implementation phase. Ingestion points: Workspace scripts read during the 'Detect what exists' phase in SKILL.md. Boundary markers: Absent. Capability inventory: Modification and creation of executable scripts. Sanitization: Not mentioned in the conversion flow.
[COMMAND_EXECUTION]: The skill provides numerous patterns and recipes for generating scripts that execute system commands such as open, pbcopy, git, and curl. These are used as wrappers for common OS tasks within the Raycast environment.
[SAFE]: The skill emphasizes secure implementation practices, such as quoting shell variables, using safe parameter expansion for arguments, and documenting dependencies to avoid silent failures. It specifically advises against the inclusion of hardcoded secrets and recommends using .template filename suffixes for commands requiring user-specific tokens or IDs.

build-raycast-script-command