flows-external-app-submit

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx @cognite/cli@latest apps submit to process the application submission. This is a documented interaction with the vendor's own CLI tool.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the @cognite/cli package from the npm registry. This is a standard deployment pattern for the author's ecosystem.
  • [PROMPT_INJECTION]: The skill reads and parses content from App-Brief.md and various review reports. This represents an indirect prompt injection surface where malicious instructions in these files could theoretically influence agent behavior. However, the skill implements specific parsing constraints (regex and frontmatter key checks) and uses the data for logical branching rather than direct command interpolation.
  • [DATA_EXFILTRATION]: While the skill packages the repository for submission, the destination is the vendor's official certification endpoint via their CLI. No unauthorized data exfiltration patterns were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 11:21 AM