gateguard

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing a package named gateguard-ai via pip. This package is not from a well-known service or a verified organization, and its name does not align with the author's established resource patterns, presenting a supply chain risk.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it mandates that the agent analyze untrusted external data (such as imports, file structures, and data schemas) to fulfill its 'investigation' requirement before allowing edits.
      ◦ Ingestion points: Investigative prompts in SKILL.md that trigger Grep, Read, and Glob operations on local project files.
      ◦ Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore embedded instructions when reading file content.
      ◦ Capability inventory: The agent maintains the ability to perform Edit, Write, and Bash operations after the investigation step.
      ◦ Sanitization: Absent; the agent is directed to present findings and quote user instructions directly without validation.
  • [COMMAND_EXECUTION]: The documentation explicitly targets and gates high-risk destructive commands such as rm -rf, git reset --hard, and database operations like drop table. While the skill aims to add a safety layer, it highlights and facilitates the agent's interaction with sensitive system-level operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 12:55 PM