web-artifacts-builder

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs numerous development dependencies from the npm registry, including well-known packages like Vite, Tailwind CSS, and various Radix UI components, to establish the React development environment.
  • [COMMAND_EXECUTION]: The initialization and bundling scripts execute several shell commands, including the global installation of the pnpm package manager and project scaffolding via the Vite CLI.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it generates executable web artifacts (HTML/JavaScript) based on user instructions. Evidence:
      1. Ingestion points: User instructions are used to develop the React application code in scripts/init-artifact.sh.
      2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the generated source code.
      3. Capability inventory: The skill builds and bundles executable artifacts and runs subprocesses for the build pipeline in scripts/bundle-artifact.sh.
      4. Sanitization: There is no evidence of sanitization or escaping applied to the user-influenced code during the bundling process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:57 AM