NYC

design-philosophy

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill invokes shell commands using npx playwright screenshot in Phase 3.5 of SKILL.md. Executing shell commands with parameters derived from or targeting files generated from untrusted user content is a significant security risk.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The use of npx in Phase 3.5 implies the potential for runtime downloading of the playwright package from the public npm registry, which constitutes an unverifiable dependency pattern.
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). It ingests untrusted user content (Phase 1-3) and embeds it into HTML files for rendering in a browser context.
    1. Ingestion points: Phase 3.5 in SKILL.md processes 'real content/theme' provided by the user.
    2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are specified for the generated HTML.
    3. Capability inventory: The skill has shell execution capabilities (npx playwright) and local file system write access (_temp/).
    4. Sanitization: There is no mention of sanitizing or escaping the user content before it is interpolated into the HTML file, allowing for potential script injection or browser-based exploits.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 03:32 PM