create-agent-with-sanity-context

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses official packages and tools from 'sanity-io' (the author) and 'anthropic', which are well-known technology providers. All external references target official 'sanity.io' domains or GitHub repositories.
  • [SAFE]: Credentials such as 'SANITY_API_READ_TOKEN' and 'ANTHROPIC_API_KEY' are managed using environment variables (e.g., in '.env' files) rather than being hardcoded, which is the industry standard for secure secret management.
  • [DATA_EXPOSURE]: The skill includes functionality in 'references/ecommerce/app/src/lib/capture-context.ts' to capture the current page's metadata, markdown content, and screenshots. This data is transmitted to the configured LLM endpoint to provide context for the agent's responses. This is a core, documented feature of the shopping assistant implementation.
  • [INDIRECT_PROMPT_INJECTION]: The agent processes untrusted content from Sanity documents and external web pages. Malicious instructions embedded in this content could influence the agent's behavior. The implementation uses boundary markers (e.g., '' tags in 'route.ts') and restricts the agent's capabilities to specific MCP tools like 'groq_query' and 'initial_context' to mitigate this risk. Ingestion points: 'references/ecommerce/app/src/app/api/chat/route.ts' (Sanity system prompt), 'references/ecommerce/app/src/lib/capture-context.ts' (web page markdown).
  • [EXTERNAL_DOWNLOADS]: The skill integrates with conversation classification via 'references/ecommerce/functions/classify-conversations/index.ts'. This component includes an opt-in telemetry feature to share anonymized metrics or conversation logs with Sanity's official services for service improvement, as documented in 'references/conversation-classification.md'.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:42 PM
Security Audit — agent-trust-hub — create-agent-with-sanity-context