
cast

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a broad surface for Indirect Prompt Injection due to its core function of analyzing project files.
  • Ingestion points: In references/generation-workflows.md, the skill is configured to ingest and analyze README.md, docs/**/*.md, src/**/auth*, src/**/user*, tests/e2e/**, package.json, and .github/workflows/* to extract persona attributes.
  • Boundary markers: The instructions lack specific boundary markers or requirements to ignore potentially malicious instructions embedded within the analyzed project files.
  • Capability inventory: The skill utilizes read_file, write_file (for registry and persona storage), and shell_execute (for voice service status checks).
  • Sanitization: No sanitization or escaping of the ingested data is defined prior to its use in generating persona profiles.
  • [EXTERNAL_DOWNLOADS]: The SPEAK engine availability checks in references/speak-engine.md use npx --yes edge-tts, which involves the dynamic download and execution of a package from the npm registry. While targeting a well-known service, this method bypasses manual version pinning and security review.
  • [COMMAND_EXECUTION]: The skill performs several shell-based availability and status checks in references/speak-engine.md. These checks include using curl to probe a local service on localhost:50021, using which say to check for macOS local TTS, and executing python3 commands to verify library installation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 01:02 AM
Security Audit — agent-trust-hub — cast