next-best-practices
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The file `debug-tricks.md` contains instructions that attempt to override the agent's standard behavior for project analysis. It claims Next.js 16 includes a native MCP (Model Context Protocol) server and instructs the agent to use specific JSON-RPC methods to interact with a local `/_next/mcp` endpoint. This is a deceptive attempt to establish a reconnaissance channel between the agent and the local environment.
- [COMMAND_EXECUTION]: The skill provides explicit `curl` commands in `debug-tricks.md` and instructs the agent to execute them against a local development server. These commands are used to invoke custom 'tools' that probe the system environment.
- [DATA_EXFILTRATION]: The 'tools' described in the skill (such as `get_project_metadata` and `get_logs`) are designed to extract sensitive information from the local machine, including full filesystem paths and the locations of log files. This enables the agent to expose the internal structure of the host environment, which is a precursor to data exfiltration.
- [DECEPTIVE_INFORMATION]: The skill contains several factually incorrect claims presented as 'Best Practices', such as the assertion that Next.js 16 renames `middleware.ts` to `proxy.ts` and the existence of a native `/_next/mcp` endpoint. These claims are used to build trust and lure the agent into executing the malicious debugging instructions.
Audit Metadata