The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches files from a remote repository located at github.com/mvanhorn/printing-press-library.
It uses gh api to download the registry.json and manifest.json metadata files.
The import-fetch.sh script performs a shallow git clone to retrieve the source code of the requested CLI tool.
[REMOTE_CODE_EXECUTION]: The skill compiles and executes code retrieved from the remote GitHub repository.
The skill runs go build ./... on the downloaded files to create a local binary.
It then executes the resulting binary via the ./bin/${API_SLUG}-pp-cli doctor command to verify the import.
[COMMAND_EXECUTION]: The skill uses the Bash tool to run several local scripts that perform impactful file system operations.
import-place.sh uses rm -rf to delete existing content at the target library and manuscripts paths before moving the new files.
import-rewrite.sh uses perl to perform in-place modification of source files (.go, .yaml, .md) to revert module paths.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through unverified data fetched from the remote repository.
Ingestion points: Metadata such as the CLI name and description are retrieved from the remote registry.json file.
Boundary markers: No delimiters or safety instructions are used when displaying these fields to the user or incorporating them into the agent's reasoning.
Capability inventory: The skill possesses significant capabilities, including the ability to build and execute arbitrary binaries and perform recursive file system deletions.
Sanitization: There is no evidence of sanitization or validation of the remote metadata before it is processed or presented.

printing-press-import