design-builder

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it processes untrusted data from URLs and images. It provides a robust mitigation strategy through an 'External Content Trust Boundary'.
  • Ingestion points: external URLs (processed via copy.md) and images (analyzed via design.md).
  • Boundary markers: SKILL.md contains an explicit 'External Content Trust Boundary' section. copy.md and design.md repeat these instructions to treat fetched content as raw data and to ignore embedded directives.
  • Capability inventory: the skill uses WebFetch for network access, npx http-server for local command execution, and file system operations to write to .artifacts/ and src/.
  • Sanitization: instructions in copy.md specifically mandate discarding directives, prompts, or behavioral suggestions found in HTML or images.
- [EXTERNAL_DOWNLOADS]: The skill retrieves external resources to support content extraction and styling.
  • Uses WebFetch in copy.md to analyze user-provided websites.
  • References official Google Fonts APIs in frontend.md to provide styling for generated React components.
- [COMMAND_EXECUTION]: Utilizes local commands to provide the user with previews of generated work.
  • Executes npx http-server in variants.md and export.md to host HTML variants on localhost port 8080.
  • Provides the user with a command to register a local Figma MCP server via the claude mcp add utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 02:57 PM