using-meticulous

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE; flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted HTML data from the application being tested.
      • Ingestion points: The agent reads the before.dom field from metadata files in simulate-and-diff/SKILL.md and analyzes the output of meticulous agent dom-diff in test-with-meticulous/SKILL.md.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or escape instructions that might be embedded within the application's HTML content.
      • Capability inventory: The agent uses the ingested data to generate high-level human-readable descriptions of visual changes and final regression reports.
      • Sanitization: The instructions do not describe any sanitization, filtering, or escaping of the HTML strings before they are presented to the agent for analysis.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes external code and data as part of its core functionality.
      • The skill uses npx @alwaysmeticulous/cli to install and run the vendor's command-line interface from the npm registry.
      • It downloads simulation results, base replays, and screenshot artifacts from the vendor's cloud platform at app.meticulous.ai.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 02:47 PM