playground

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructions in SKILL.md explicitly command the agent to run open <filename>.html after generating code. This executes a dynamically created file in the user's default browser environment.
  • PROMPT_INJECTION (HIGH): This skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted external data (codebases, git diffs, and documents) and interpolates this data directly into HTML/JS templates.
  • Ingestion points: templates/diff-review.md processes git show output; templates/document-critique.md processes raw document content; templates/data-explorer.md processes database schemas.
  • Boundary markers: None. There are no delimiters or instructions to treat embedded content as untrusted.
  • Capability inventory: The skill generates executable JavaScript and HTML, and uses the open command to launch the result.
  • Sanitization: Absent. The provided templates use simple regex for formatting (e.g., replace(/([^]+)/g, '$1')) but do not perform HTML entity encoding or script sanitization, making Cross-Site Scripting (XSS) trivial to achieve through malicious input data.
  • DYNAMIC_EXECUTION (MEDIUM): The skill is a runtime code generator (Category 10) that assembles executable HTML and JavaScript based on templates and user input, which is then immediately executed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:23 PM