mpp-server-middleware

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill promotes secure development practices by instructing the agent to use environment variables for sensitive cryptographic material (MPP_SECRET_KEY) and explicitly warning against hardcoding credentials.
  • [EXTERNAL_DOWNLOADS]: The skill fetches live API documentation and integration patterns from well-known services including npmjs.com, Stripe's official documentation, and GitHub. These operations are limited to information gathering from established technology providers.
  • [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface by ingesting external data from documentation websites.
      • Ingestion points: Retrieves technical details from npmjs.com, docs.stripe.com, and github.com using WebFetch and WebSearch tools.
      • Boundary markers: The instructions do not specify explicit delimiters or "ignore instructions" wrappers for the external content.
      • Capability inventory: The skill possesses Bash, Write, and Edit capabilities which are used to implement the server middleware.
      • Sanitization: No specific sanitization logic is defined for the fetched documentation content, though the risk is mitigated by the use of trusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:10 AM