build
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes raw user input via the skill argument without any boundary markers or instructions to sanitize or ignore embedded commands. This creates a surface for indirect prompt injection where a malicious user could attempt to override the builder's logic during the specification or execution phases.
- [DYNAMIC_EXECUTION]: The skill is designed to generate code at runtime based on user-provided descriptions and then execute that code. The instructions to "Write real, complete, working code" and "Execute it" lead to the creation and running of scripts whose logic is entirely determined at runtime, which is a significant security risk if the input is untrusted.
- [EXTERNAL_DOWNLOADS]: The technical specification phase directs the agent to autonomously select and integrate external dependencies, such as NPM/PyPI frameworks (Express, Fastify, Hono) and CSS libraries via CDN (Tailwind). This autonomous dependency selection can lead to the installation of unvetted or malicious packages if the agent is influenced by a malicious prompt.
- [COMMAND_EXECUTION]: The "Execute" phase (Phase 2) requires the agent to perform operations such as file system writes and likely subprocess execution to run the generated code, package managers, or local servers, granting the skill broad operational capabilities over the host environment.