integrate-context-matic

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it relies on instructions and data fetched from the external context-matic MCP server to perform actions.
      • Ingestion points: Untrusted data enters the agent's context through the output of tools such as fetch_api, ask, model_search, and endpoint_search in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters used to warn the agent that the tool outputs might contain adversarial instructions that should be ignored.
      • Capability inventory: The skill instructs the agent to perform sensitive operations based on this data, including installing packages (npm install, pip install, go get), writing authentication credentials to the environment (e.g., .env files), and implementing executable code.
      • Sanitization: The workflow lacks a validation or sanitization step to verify the safety or integrity of the API documentation or code samples provided by the external server before they are integrated into the project.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 06:17 AM