emulate-seed

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the emulate package and associated @emulators/* scoped modules from Vercel Labs. Vercel Labs is a well-known service and trusted organization, and these references are consistent with the skill's purpose for API testing and emulation.
  • [COMMAND_EXECUTION]: Instructions are provided for running npx emulate and npm install to set up and initialize the emulation environment. These commands are typical for development tools and do not involve suspicious execution patterns.
  • [CREDENTIALS_UNSAFE]: The documentation includes placeholders for auth tokens and RSA private keys within example configuration files. It explicitly recommends using descriptive names (e.g., admin_token) instead of real credentials to prevent accidental exposure in test configurations.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the generation of API seed configurations based on user-provided data, which creates a potential surface for indirect prompt injection.
      • Ingestion points: Project specifications, API descriptions, and user requirements processed by the emulate-engineer agent as described in the metadata and quick start sections of SKILL.md.
      • Boundary markers: None identified in the provided guidance for isolating untrusted user input during config generation.
      • Capability inventory: The agent is tasked with performing file write operations to create emulate.config.yaml and executing npx emulate (rules/seed-config.md, SKILL.md).
      • Sanitization: There are no instructions for validating or sanitizing input data before it is incorporated into the generated YAML configurations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 05:09 PM