NYC

huashu-design

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill explicitly instructs the agent to execute shell commands using Playwright (npx playwright screenshot) to capture snapshots of generated HTML files. This execution path uses dynamically generated file paths and content, which could be exploited if an attacker provides malicious 'content' or 'themes' that are improperly sanitized before being injected into the HTML or the command string.
  • REMOTE_CODE_EXECUTION (HIGH): The workflow involves generating HTML files in a temporary directory (_temp/design-demos/) and then rendering them. If the agent incorporates untrusted user data into the HTML structure without strict sanitization, it could lead to the execution of malicious scripts during the rendering process by Playwright.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation suggests downloading images to a local path or using external image URLs from sources like Unsplash/Pexels and calling an external tool nano-banana-pro. While these are defined as part of the design workflow, fetching remote resources based on user-steered content introduces a risk of SSRF or downloading malicious assets if the sources are not strictly validated.
  • PROMPT_INJECTION (MEDIUM): The skill includes instructions to 'immediately' and 'automatically' trigger specific agent behaviors (Phase 3.5, Phase 7). While intended for automation, these patterns mirror injection techniques that attempt to force state transitions or bypass user confirmation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:00 AM