
start-package

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, including npm install, npm run build, and npm test, on a newly scaffolded project based on templates provided in the skill instructions. This is the primary intended behavior and uses standard Node.js development tooling.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface where user-provided metadata is interpolated into configuration files that are later processed by the shell or environment.
  • Ingestion points: User-controlled placeholders such as {{NAME}}, {{DESCRIPTION}}, {{AUTHOR}}, and {{REPO}} are used in SKILL.md to populate templates for package.json and other project files.
  • Boundary markers: There are no explicit delimiters or specific instructions to the agent to ignore potential instructions embedded within these user-provided strings during the scaffolding process.
  • Capability inventory: The skill executes npm install, npx tsc, npm run build, and npm test as part of its automated procedural steps.
  • Sanitization: The instructions do not define validation, escaping, or filtering for user-supplied metadata before it is written to the project files and processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 08:56 AM