validating-performance-budgets

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/report_violation.py implements a Slack notification feature that transmits performance reports to a user-specified webhook URL using the urllib.request library.
  • [COMMAND_EXECUTION]: The skill's configuration in SKILL.md specifies permissions for the Bash tool to execute performance auditing commands such as lighthouse and webpack to gather system metrics.
  • [PROMPT_INJECTION]: The skill processes untrusted external data files (performance-budgets.json and metrics.json), creating an indirect prompt injection surface.
      • Ingestion points: Data is ingested via instructions in SKILL.md and logic in scripts/validate_budget.py that loads and parses JSON input.
      • Boundary markers: Absent. The instructions do not define delimiters or provide guidance to the agent to ignore instructions embedded within the performance data.
      • Capability inventory: The skill environment includes Bash (lighthouse, webpack), Write, Edit, and Read capabilities.
      • Sanitization: Absent. The scripts perform standard JSON parsing but do not validate or sanitize content for potential injection before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 01:58 AM