ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The script processes user-provided search queries and data from search results, formatting them for consumption by the AI agent. This constitutes a surface for indirect prompt injection if the underlying data sources contain malicious instructions.
      • Ingestion points: args.query and results retrieved from core.search in search.py.
      • Boundary markers: The format_output function uses Markdown headers and bullet points for data structure but does not include explicit delimiters to warn the agent about untrusted content.
      • Capability inventory: The script can write to the local filesystem via design_system.persist_design_system in the design-system/ directory.
      • Sanitization: Long result values are truncated to 300 characters, which provides a minor degree of mitigation against large payload injections.
  • File System Access (SAFE): The script allows persisting design systems to the local directory. This is an intended functional feature and does not exhibit patterns of unauthorized file access or persistence across sessions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM