autonomous-builder

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively utilizes the Bash tool and mcp__ide__executeCode to perform full-stack development tasks, such as running compilers, package managers (npm, pip, cargo), and test runners. It also generates and executes platform-specific supervisor scripts (auto-continue.sh, auto-continue.ps1) to maintain autonomous operation loops across multiple sessions.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to automatically discover and install Model Context Protocol (MCP) servers from well-known registries. It references official packages for browser automation, filesystem management, and database operations (e.g., from the Anthropic-AI GitHub organization), which are used to extend the agent's capabilities in a development environment.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from project specifications, external documentation via WebFetch, and web search results.
      • Ingestion points: The agent reads requirements from workspace files and external sources using the Read, WebFetch, and WebSearch tools.
      • Boundary markers: The instructions do not define specific prompt-level delimiters or 'ignore' warnings for the data being processed, relying on general safety guidelines defined in separate reference files.
      • Capability inventory: The agent has high-privilege tools including Bash, Write, Edit, and mcp__ide__executeCode, which could be exploited if malicious instructions are successfully injected via project data.
      • Sanitization: There is no evidence of explicit sanitization or validation of the content retrieved from external sources before it is interpolated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 02:48 PM