ln-010-dev-environment-setup
Fail
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill coordinates environment setup by executing multiple Node.js scripts from the shared/scripts/ directory, which are expected to manage low-level environment interactions.
- [COMMAND_EXECUTION]: It has the capability to modify security-critical IDE configuration files for Cursor and VSCode. Specifically, it can enable claudeCode.allowDangerouslySkipPermissions, which allows the agent to bypass user confirmation for potentially dangerous operations.
- [EXTERNAL_DOWNLOADS]: The skill installs marketplace plugins and binary tools, such as language servers (e.g., basedpyright, csharp-ls), depending on the detected project environment and project languages.
- [DATA_EXFILTRATION]: It performs detailed discovery of the user's environment, scanning for IDE extensions, configuration settings, and project metadata related to GitHub and Linear. While focused on setup, this mapping of the local environment covers sensitive configuration paths.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data that influences its execution flow and worker dispatching.
  - Ingestion points: Processes marketplace plugin metadata and the .hex-skills/environment_state.json file (SKILL.md, Phase 1 and 5).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested data were identified.
  - Capability inventory: Uses shell execution via node (SKILL.md, Worker Invocation) and has write access to environment state and IDE configuration files.
  - Sanitization: There is no evidence of sanitization or strict validation of external data before it is used to influence the child worker dispatch plan.
Recommendations
- AI detected serious security threats