esbuild

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The Environment Variables Plugin example in SKILL.md serializes the entire process.env object into the build output. This pattern risks exposing sensitive credentials, such as API keys and database tokens, by including them in publicly accessible JavaScript bundles.
  • [DATA_EXFILTRATION]: The SVG React component plugin example uses dangerouslySetInnerHTML to render the raw contents of SVG files. If an attacker can control the source SVG files, this can be leveraged for Cross-Site Scripting (XSS) attacks.
  • [COMMAND_EXECUTION]: The skill provides recipes for privileged filesystem operations, including the recursive and forced removal of directories (rm with recursive: true and force: true) and the modification of file permissions to make them executable (chmod 755).
  • [EXTERNAL_DOWNLOADS]: The documentation references and recommends the installation of numerous third-party plugins and dependencies from the NPM registry, including esbuild-plugin-copy, esbuild-sass-plugin, and marked.
  • [PROMPT_INJECTION]: The skill demonstrates processing various external file formats (SVG, Markdown, YAML, GraphQL, Sass) as part of the build pipeline, which represents an indirect prompt injection surface if those files are sourced from untrusted contributors.
      • Ingestion points: SKILL.md, references/plugins.md, and references/recipes.md define loaders for .svg, .md, .yaml, and .scss.
      • Boundary markers: None identified; content is directly interpolated into code or rendered.
      • Capability inventory: Filesystem writes (fs.promises.writeFile), permission changes (chmod), and directory deletion (rm).
      • Sanitization: No sanitization is performed on input files before they are processed or rendered in the provided examples.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 07:52 AM