vapi-bootstrap-framework

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a src/bootstrap.ts script and instructs the user to execute it locally using bun run bootstrap. This script is used to synchronize generated assistant configurations with the Vapi dashboard.
  • [EXTERNAL_DOWNLOADS]: The generated package.json includes the @vapi-ai/server-sdk dependency, which is the official library for interacting with the Vapi voice-agent service.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential management practices by instructing users to store their VAPI_PRIVATE_KEY in a .env.local file and automatically generating a .gitignore entry to prevent accidental exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from a ROUGH_DRAFT.md file to generate system prompts and configuration code.
      • Ingestion points: Reads ROUGH_DRAFT.md from the project root.
      • Boundary markers: None present in the input file parsing logic.
      • Capability inventory: The skill performs local file system writes and the generated code performs network operations via the Vapi SDK.
      • Sanitization: No explicit sanitization of the input markdown content is performed before interpolation into templates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 08:22 PM