toolchain-commands

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo to start the Docker daemon (sudo dockerd) and manage infrastructure containers (sudo docker compose up). Running commands with root privileges grants the agent administrative control over the host system.
  • [COMMAND_EXECUTION]: It invokes numerous project-specific scripts through pnpm (e.g., pnpm dev, pnpm build, pnpm test). These commands execute arbitrary shell scripts defined within the repository's package.json file.
  • [COMMAND_EXECUTION]: The skill configures local git hooks using pnpm hooks. This modifies the .git/hooks directory, allowing for automatic script execution during standard git operations (like committing).
  • [COMMAND_EXECUTION]: It executes custom or non-standard binaries such as tsgo (described as a native preview for TypeScript) and tsdown. These tools may have unverified behaviors compared to official toolchains.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from environment configuration files and repository scripts, creating an attack surface where maliciously crafted files could influence agent behavior.
      • Ingestion points: Reads .env.development, .env.test, and package.json scripts.
      • Boundary markers: Absent; there are no delimiters or warnings to ignore instructions embedded in these files.
      • Capability inventory: Includes shell execution, sudo access, Docker service management, and network health checks (curl).
      • Sanitization: None; the skill does not validate or escape the contents of the environment files or scripts before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 13, 2026, 05:51 PM