brainstorm-with-file

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses functions.exec_command to determine the project's root directory via git rev-parse --show-toplevel (falling back to pwd). It also runs shell commands to detect the project type (e.g., checking for package.json or go.mod). These are benign uses for environment discovery.
  • [EXTERNAL_DOWNLOADS]: The skill uses the web.run tool for external research, fetching patterns, best practices, and inspiration from the web based on the brainstorm topic. This requires network access, but it is a core feature of the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from several sources: the user-provided topic, codebase content (via search and read tools), and external web search results. This data is interpolated into the brainstorming process and its refinement rounds.
      ◦ Ingestion points: the $TOPIC argument, codebase files accessed via Grep or mcp__ace-tool__search_context, and external data returned by web.run.
      ◦ Boundary markers: the skill uses markdown headers and structured JSON to organize data, but has no explicit boundary markers and gives the model no instruction to ignore commands embedded in the processed data.
      ◦ Capability inventory: the skill can execute shell commands (exec_command), perform network searches (web.run), and write files to the local filesystem.
      ◦ Sanitization: the skill applies basic regex sanitization to the topic string to produce a safe session slug, but does not sanitize the content of files or web results before processing them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 04:03 AM
Security Audit — agent-trust-hub — brainstorm-with-file