The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation and README recommend the installation of the official netlify-cli package via the NPM registry. This is a well-known utility provided by an established service provider.
[COMMAND_EXECUTION]: Helper scripts including setup_env_vars.sh, check_deployment.sh, and test_function_locally.sh are provided to facilitate development. These scripts execute shell commands to interact with the Netlify CLI and perform HTTP requests via curl. The commands are standard for the intended development workflow and do not exhibit malicious behavior.
[PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external data through webhook handlers, creating a surface for indirect prompt injection.
Ingestion points: Serverless function handlers (e.g., netlify/functions/sms-webhook.ts) that receive data from external SMS providers.
Boundary markers: While explicit boundary markers in strings are not always present, the skill emphasizes signature validation as a security gate.
Capability inventory: The system is configured to perform database operations (Supabase), manage environment variables via CLI, and trigger background tasks.
Sanitization: The skill provides production-ready examples for signature validation using HMAC and Ed25519, and input validation using the Zod library to ensure data integrity and source authenticity.
[CREDENTIALS_UNSAFE]: The documentation and templates contain realistic examples of API keys and JWT headers (e.g., TELNYX_API_KEY=KEY019A..._xxx). These are clearly identified as placeholders or illustrative examples for the user to replace and do not represent active, sensitive credentials.

netlify-integration