appfactory-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires cloning an external, untrusted repository (https://github.com/MeltedMindz/AppFactory.git). This source is not verified and is not part of the trusted organization list.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell scripts and build commands from the downloaded repository, specifically bash deploy.sh and npm run build. These scripts could perform malicious actions on the local environment.
  • REMOTE_CODE_EXECUTION (MEDIUM): Uses npx create-next-app@latest and npx vercel, which fetch and execute code from the npm registry. While these are common developer tools, automated execution by an agent on untrusted project scaffolds poses a risk of a supply chain attack.
  • DATA_EXFILTRATION (LOW): Commands like npx vercel --prod --yes trigger the upload of local project files and potentially environment variables to a third-party cloud provider (Vercel) without manual confirmation.
  • PROMPT_INJECTION (LOW): The HEARTBEAT.md file contains instructions aimed at steering the agent's long-term behavior by establishing a 'heartbeat rotation' of weekly tasks and social media interactions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:42 PM