search-first
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by instructing it to process and act on data from untrusted external sources like npm, PyPI, GitHub, and general web results.
  * Ingestion points: Research results and package metadata from external registries and websites.
  * Boundary markers: Absent; no specific delimiters or ignore-instructions are defined for external content.
  * Capability inventory: The skill utilizes powerful capabilities including package managers (npm, pip), file system tools (rg), and subagent task execution.
  * Sanitization: No sanitization or validation of the ingested external content is defined in the workflow.
- [EXTERNAL_DOWNLOADS]: The workflow promotes the search for and installation of third-party dependencies from public registries. While this is a standard developer task, it introduces the risk of installing malicious or compromised packages.
- [COMMAND_EXECUTION]: The skill involves the execution of system commands for searching the codebase (rg), auditing local configuration files such as ~/.claude/settings.json (which may contain sensitive MCP credentials), and performing software installations.
Audit Metadata