setup

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Risk categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands for codebase scanning, dependency detection, and version checking. Evidence in SKILL.md and references/scan-phase.md uses Bash, Grep, and Glob tools for project analysis.
  • [EXTERNAL_DOWNLOADS]: Facilitates the installation of the agentation-mcp package and performs connectivity checks to the npm registry. Evidence in references/integrations.md and rules/mcp-server-verification.md.
  • [DATA_EXFILTRATION]: Configures optional session telemetry to external endpoints. The skill includes a dedicated safety rule in rules/telemetry-consent-gate.md that enforces informed opt-in, requires HTTPS, and prohibits default data collection. Telemetry is directed to a vendor-owned endpoint (hq.yonatangross.com) as documented in references/configure-wizard.md.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because untrusted codebase data is ingested during the scanning phase. Ingestion points: project manifests (package.json, pyproject.toml) and documentation (README.md) scanned in Phase 1. Boundary markers: none specified to differentiate file content from instructions. Capability inventory: significant, including Bash execution, file modification (Write), and task management. Sanitization: no explicit validation or escaping of ingested file content before classification. This is documented as a low-severity risk factor inherent to the skill's primary purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 11:39 PM