generative-engine-optimization

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several CLI tools to perform its functions. It uses git and gh (GitHub CLI) for repository management and pull request creation in workflows/open-pr.md. It also uses a vendor-specific tpc CLI tool for managing agent simulation tasks and environments in workflows/agent-simulation.md.
  • [EXTERNAL_DOWNLOADS]: The installation guide in INSTALL.md and SKILL.md instructs users to install external packages from the npm registry, specifically @modelcontextprotocol/server-brave-search and mcp-server-markdown-skills, which are used for web search and skill serving respectively.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from URLs and search results (Reddit, Hacker News) in workflows/geo-simulation-prompts.md and workflows/agent-simulation.md. While it uses structured boundaries like the 'Research Brief' and 'task.json' schema, and includes human-in-the-loop confirmation steps, the capability to create PRs and execute simulation tasks via the tpc CLI represents a potential risk if malicious instructions are embedded in the sourced web content. Evidence: Ingestion via web search in Phase 1 research; Capabilities include tpc, git, and gh CLI commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 04:07 AM