mcp-app-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill design involves reading a developer-provided 'SPEC.md' file to guide the application building process. This is an ingestion point for untrusted data.
  1. Ingestion points: SPEC.md.
  2. Boundary markers: Absent in the main skill file.
  3. Capability inventory: Guided local server execution, connection to ChatGPT/Claude, and deployment via Alpic.
  4. Sanitization: Not mentioned in the top-level instructions.
- General Security (SAFE): No evidence of prompt injection, obfuscation, hardcoded credentials, or unauthorized command execution was found in the analyzed file. The external link provided is for documentation purposes.
Audit Metadata