action-creator

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary purpose is to guide the agent in writing TypeScript source code to the agent/custom_scripts/actions/ directory. These files are intended to be dynamically loaded and executed by the host platform's action system when triggered by a user in the chat interface.
  • [PROMPT_INJECTION]: The skill documents an Indirect Prompt Injection surface. Generated actions are designed to ingest untrusted data from emails (via context.emailAPI) and pass that content directly into LLM prompts using context.callAgent.
      • Ingestion points: context.emailAPI.getInbox, context.emailAPI.searchEmails, and context.emailAPI.getEmailById (SKILL.md).
      • Boundary markers: None explicitly required or documented in the templates to separate untrusted email content from instructions.
      • Capability inventory: Actions have access to context.sendEmail, context.fetch (external network access), and email modification tools (archiveEmail, addLabel, etc.).
      • Sanitization: No sanitization or validation of the email content is suggested before it is processed by the AI or used in subsequent operations.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata contains an installation command that uses curl to download the SKILL.md file from a public GitHub repository (majiayu000/claude-skill-registry).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:41 PM