pp-dub

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute the dub-pp-cli binary via shell commands. It directly interpolates user-supplied arguments from the $ARGUMENTS variable into the command line execution path.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the core CLI tool and an MCP server from the author's GitHub repository (github.com/mvanhorn/printing-press-library) using go install and npx (@mvanhorn/printing-press).
  • [DATA_EXFILTRATION]: The skill documents and enables several features for sending data to external endpoints:
      • The --deliver webhook:<url> flag allows command outputs (which may include sensitive workspace, link, or customer data) to be POSTed to arbitrary external URLs.
      • The feedback command allows local notes to be sent to a remote endpoint defined by the DUB_FEEDBACK_ENDPOINT environment variable.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing and returning data from external sources (the Dub API) to the agent context.
      • Ingestion points: Data enters the context through commands like bounties triage (partner submissions), customers journey (customer data), and links get (link metadata) in SKILL.md.
      • Boundary markers: None identified; external content is returned as structured or raw JSON without explicit delimiters to prevent the agent from obeying instructions embedded in the data.
      • Capability inventory: The skill can execute arbitrary subcommands via dub-pp-cli, write to files via the --deliver file: sink, and make network requests via the webhook sink and feedback system.
      • Sanitization: The documentation does not indicate any sanitization or validation of the content retrieved from the Dub API before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 05:59 PM