The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill metadata contains an installation command that fetches the SKILL.md file from a remote repository on GitHub (raw.githubusercontent.com). This is considered a safe operation as it targets a well-known service to retrieve documentation content.- [COMMAND_EXECUTION]: The mandatory agent workflow instructs the use of external tools and agents, including TeamCreate for spawning sub-agents and Grep for searching the local codebase for patterns and logic. These are standard operational capabilities for development-focused skills.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and act upon data from the user's codebase without explicit sanitization or boundary enforcement.
Ingestion points: Project structure analysis and codebase searches using Grep as defined in the Agent Workflow and DRY sections.
Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its operational rules and the content found within the analyzed files.
Capability inventory: The skill allows for the implementation of new code, spawning of additional agents (TeamCreate), and execution of search commands (Grep).
Sanitization: There are no mentioned mechanisms for sanitizing, escaping, or validating the content retrieved from the codebase before it is processed by the agent.

solid-generic