The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx opensrc to download and execute an external utility for code exploration. It also clones the dhis2-core and ui repositories from GitHub to read API and component definitions. While these repositories belong to the official DHIS2 organization, the opensrc tool itself is an external dependency from an unverified source.- [COMMAND_EXECUTION]: The skill executes various shell commands for project scaffolding (pnpm create), dependency management (pnpm add), and development workflows (pnpm start). It also uses npx opensrc with the --modify flag, which allows the tool to modify local project configuration files like .gitignore. Additionally, it uses curl to perform health checks and credential verification against a local DHIS2 instance.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and analyze source code from external repositories (dhis2/dhis2-core).- Ingestion points: Java controller and DTO files cloned from github.com/dhis2/dhis2-core via npx opensrc.- Boundary markers: The instructions provide specific extraction goals (endpoints, parameters, request/response shapes), but do not include explicit delimiters or instructions to ignore embedded commands within the source code.- Capability inventory: The agent has access to a Bash tool for executing commands, installing packages, starting local servers, and spawning subagents.- Sanitization: No sanitization or validation of the ingested source code is performed before analysis.

dhis2-app-development