agent-analytics-autoresearch

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the @agent-analytics/cli package (version 0.5.31). This is a vendor-provided tool used to gather analytics data from the Agent Analytics platform.
  • [COMMAND_EXECUTION]: Several shell scripts are included (init_autoresearch_run.sh, collect_agent_analytics_snapshot.sh) which perform file operations and invoke the CLI tool. These are used for environment setup and data collection.
  • [DATA_EXFILTRATION]: The skill retrieves project insights, page views, and event data from the agentanalytics.sh service via the CLI. This data is stored locally in the data/ directory for processing. While this involves sending project identifiers to the vendor's API, it is consistent with the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes analytics snapshots and project briefs as primary inputs for its generation loop.
      • Ingestion points: Data is read from brief.md and text files in the data/ folder generated by the analytics CLI.
      • Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore potentially malicious instructions embedded within the analytics data or the brief.
      • Capability inventory: The skill has the capability to write local files (final_variants.md, results.tsv) and execute shell scripts for data collection.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the analytics reports before it is interpolated into the generation prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 08:02 PM