emitting-api-events

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses on teaching or assisting in the implementation of event-driven API patterns like Server-Sent Events (SSE) and the Transactional Outbox pattern. The instructions promote secure implementation details, such as the use of HMAC-SHA256 signatures for webhook delivery and URL validation during subscription registration.
  • [COMMAND_EXECUTION]: The skill uses the Bash(api:events-*) tool for framework scaffolding and boilerplate generation. This usage is restricted by the tool's prefix and is consistent with the skill's primary purpose of infrastructure generation.
  • [INDIRECT_PROMPT_INJECTION]: The skill guides the creation of systems that ingest data from external sources, creating a potential surface for indirect prompt injection.
      • Ingestion points: The POST /webhooks endpoint and event data consumption from message brokers as described in SKILL.md and references/examples.md.
      • Boundary markers: None are explicitly defined in the provided code templates.
      • Capability inventory: The skill utilizes Write, Edit, and a scoped Bash tool to create the target application.
      • Sanitization: The instructions in SKILL.md (Steps 4 and 5) specifically require the implementation of URL validation and cryptographic signing to mitigate spoofing and injection risks in the final application.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 09:52 PM