font-awesome

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via NPM and utilizes npx to execute commands, which involves downloading and running code from the official registry.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands through the membrane CLI for core functionality, including login, connect, and action run. These commands involve passing user-supplied or agent-generated identifiers as arguments.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it processes untrusted data from external API actions and uses natural language prompts to dynamically create actions.
      • Ingestion points: Data enters the agent's context through the outputs of membrane action list, membrane action get, and membrane action run as described in SKILL.md.
      • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions embedded within the data retrieved from the Membrane actions.
      • Capability inventory: The skill can install packages globally and execute arbitrary actions via the Membrane platform, providing a significant capability surface if exploited.
      • Sanitization: The skill instructions do not specify any sanitization, validation, or escaping of the content returned by external tools or the Font Awesome API.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 04:52 PM