ui-ux-pro-max

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a Python CLI tool (scripts/search.py) which interfaces with local CSV data files and provides design recommendations. This execution path is the primary intended behavior of the skill.
  • [COMMAND_EXECUTION]: A code vulnerability exists in the persist_design_system function in scripts/design_system.py. The function constructs file paths from user-controllable input (project_name and page) without adequate path sanitization: it only replaces spaces with hyphens. This allows directory traversal, where an attacker who can influence the agent could cause it to write files to arbitrary locations on the file system relative to the working directory (e.g., using ../../ in the project name).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 22, 2026, 01:08 PM