onboarding-guide
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within the Yuque ecosystem using the yuque-mcp toolset. It performs standard administrative tasks such as listing repositories (yuque_list_repos), reading tables of contents (yuque_get_toc), and creating new documentation (yuque_create_doc).
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses team document metadata and member lists (yuque_group_members) to generate the guide. This access is necessary for the intended functionality and is performed via the authenticated MCP server. As these operations target a well-known service (Yuque) and do not involve unauthorized exfiltration of sensitive local system files, they are considered safe.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from Yuque documents (yuque_get_doc in SKILL.md) to generate summaries. While there is a surface for indirect injection if source documents contain malicious instructions, the impact is limited. Mandatory evidence: 1. Ingestion: yuque_get_doc (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: yuque_create_doc (SKILL.md); 4. Sanitization: Absent.
Audit Metadata