The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and run the metaharness package from the npm registry. This is a standard mechanism for executing the latest version of a scaffolding utility without permanent local installation.
[COMMAND_EXECUTION]: The skill executes shell commands via the Bash tool to perform file system operations and run the project initializer. It includes specific mitigations such as a 60-second timeout and a dry-run requirement to prevent unintended destructive actions.
[PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it interpolates user-supplied arguments into a shell command string.
Ingestion points: Data provided via the --name, --template, --host, and --target parameters.
Boundary markers: None explicitly defined in the documentation's command construction, though the skill claims to validate these inputs in a separate script.
Capability inventory: Invocation of shell commands through Bash and execution of remote packages via npx.
Sanitization: The skill implementers state that input validation occurs within scripts/mint.mjs and includes logic to explicitly reject any target paths residing within the current project root.

harness-mint