powershell-ui-architect

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Remote Code Execution (MEDIUM): The script scripts/build_wpf.ps1 uses [System.Windows.Markup.XamlReader]::Load() to parse UI definitions. This method is a known vector for XAML injection, which can allow an attacker to execute arbitrary .NET code if the supplied XAML file is malicious or if the template generation is manipulated via the WindowTitle parameter.
  • Command Execution (MEDIUM): The wrapper scripts/ui_architect_wrapper.ts programmatically sets the PowerShell execution policy to RemoteSigned using the -ExecutionPolicy flag. This bypasses the default 'Restricted' security posture on Windows systems to enable script execution, increasing the host's attack surface.
  • Indirect Prompt Injection (LOW): The skill exposes a surface for indirect prompt injection by ingesting and processing untrusted external data.
    • Ingestion points: The XamlPath and ViewModel parameters in build_wpf.ps1 and the various UI parameters in ui_architect_wrapper.ts accept data that could contain malicious instructions.
    • Boundary markers: Absent. The skill does not use delimiters or warnings to prevent the underlying LLM from obeying instructions embedded in the UI definitions or data models.
    • Capability inventory: The skill can execute PowerShell scripts, read/write to the file system (Get-Content, Set-Content), and load arbitrary .NET assemblies via Add-Type.
    • Sanitization: Lacking. While there is a check for file existence, there is no validation or sanitization of the XAML content or the structure of the ViewModel objects before they are processed by the .NET runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:27 PM