metabase-static-embedding-to-guest-embedding-upgrade

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches migration documentation and web component specifications from the official Metabase website (metabase.com). These documents serve as the authoritative reference for mapping attributes during the migration.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run curl for downloading the documentation. The command incorporates a version string extracted from project files (e.g., Docker tags or environment variables). This pattern could in principle be exposed to command injection if the project metadata were maliciously crafted; however, the instructions specify normalization steps for the version variable before it is used.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes untrusted data from both the local project and the remote documentation to guide code modifications.
    • Ingestion points: The skill reads project source files via the Grep, Read, and Glob tools to identify embedding configurations, and downloads external documentation via curl.
    • Boundary markers: No delimiters or boundary markers are prescribed for separating the ingested content from the agent's own context.
    • Capability inventory: The skill holds significant capabilities, including modifying existing project source code (Edit), writing new files (Write), and executing shell commands (Bash).
    • Sanitization: There are no explicit instructions for sanitizing or validating data ingested from the project files or the external documentation before it is used to plan or apply code changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 04:30 PM