nipper

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to install external packages, plugins, and SDK bundles from the vendor's infrastructure.
      • Evidence: npx skills add nipper-ai/claude-plugin for platform extension.
      • Evidence: npm install @nipper/sdk for payment handling.
      • Evidence: bun add {server}/v1/sdk.tgz for application development.
  • [COMMAND_EXECUTION]: The documentation provides shell commands for package management and environment setup that the agent is expected to execute.
      • Evidence: Usage of npx, npm, and bun for dependency and plugin management.
  • [PROMPT_INJECTION]: The skill defines a platform where the agent processes outputs from third-party "micro-apps," creating an attack surface for indirect prompt injection.
      • Ingestion points: Data enters the agent context through marketplace search results (/v1/marketplace/search) and capability invocation outputs (/v1/apps/{handle}/{app_name}/{capability}/invoke) in SKILL.md.
      • Boundary markers: The platform uses "typed schemas" and "JSON Schema" validation as described in SKILL.md to structure inputs and outputs.
      • Capability inventory: The agent possesses network access via fetch, the ability to sign blockchain transactions with a privateKey, and the ability to install software via package managers as noted in SKILL.md.
      • Sanitization: The documentation specifies that all interactions are validated against developer-defined JSON Schemas to ensure data follows expected structures.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 09:25 AM