sales-app-extensibility

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes a workflow to ingest API documentation from user-provided URLs using fetch_webpage. This provides a significant surface for indirect prompt injection, where malicious documentation content could compromise the agent's code generation or execution logic.
      • Ingestion points: The skill instructions in SKILL.md and references/discovery-and-use-cases.md direct the agent to fetch and ingest documentation from URLs, OpenAPI specs, or markdown files provided by the user.
      • Capability inventory: The skill has the capability to write files (React components and documentation), execute shell commands via yarn/npx, and initiate network requests.
      • Boundary markers: Absent. There are no instructions to the agent to disregard potential instructions found within the ingested documentation.
      • Sanitization: Not present. The skill instructs the agent to extract response shapes and endpoint details directly from the untrusted source.
  • [CREDENTIALS_UNSAFE]: The discovery flow in references/discovery-and-use-cases.md explicitly instructs the agent to collect authentication headers and literal secret keys from the user for the 'Direct Auth' template.
      • Evidence: Step 5 of the API Authentication Decision Tree in references/discovery-and-use-cases.md requires collecting the 'Auth header name' and 'Auth header value' (e.g., Bearer tokens or API keys) for inclusion in the frontend code.
  • [EXTERNAL_DOWNLOADS]: The skill relies on downloading and executing software from the @vtex ecosystem.
      • Evidence: SKILL.md contains instructions to execute npx @vtex/fsp-cli init and yarn add @vtex/sales-app, which are legitimate packages for the VTEX platform.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to guide the user through executing multiple shell commands for project initialization, development, and deployment.
      • Evidence: SKILL.md and references/local-dev-build-and-deploy.md contain commands such as yarn fsp dev, yarn fsp build, and npx fsp create.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 29, 2026, 08:16 PM