coder-templates

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill describes a pattern for 'Task-Oriented Templates' that introduces a surface for indirect prompt injection. Untrusted user data (from the user's task prompt) is ingested and passed into downstream AI agent modules.
      • Ingestion points: Data enters through the data.coder_task.me.prompt field in generated Terraform configurations, which is then passed to the ai_prompt variable of agent modules like claude-code.
      • Boundary markers: The instructions recommend setting enable_boundary = true on agent modules to enable network-level filtering as a security control.
      • Capability inventory: The templates produced by this skill can execute shell scripts (via coder_script or coder_agent.init_script), provision cloud infrastructure (AWS, GCP, Azure, etc.), and manage containerized environments.
      • Sanitization: The instructions do not specify any sanitization or validation of the user's task prompt before it is passed to the AI agent module.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various local scripts and tools for scaffolding and validation.
      • It uses ./scripts/new_template.sh for generating new template structures.
      • It utilizes bun run fmt, bun run shellcheck, and ./scripts/terraform_validate.sh for code quality and integrity checks.
      • It provides commands for the coder CLI tool (coder templates push) to deploy the finished templates to a Coder server.
  • [EXTERNAL_DOWNLOADS]: The skill references downloading and using external Terraform providers and modules.
      • It points to official Terraform providers from HashiCorp and other community maintainers on registry.terraform.io.
      • It instructs the agent to consume modules from the Coder Registry (registry.coder.com), including the claude-code AI agent module. These are vendor-owned resources and are documented neutrally.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 08:34 PM