The Agent Skills Directory

[COMMAND_EXECUTION]: Spawns system processes (sips, convert, or cp) to generate thumbnail images for the review dashboard. Arguments are handled safely using arrays to prevent command injection.
[DATA_EXFILTRATION]: Starts a local HTTP server on localhost:8888 to serve the generated review page. The server implementation includes a check to prevent path traversal by verifying that requested file paths begin with the results directory.
[EXTERNAL_DOWNLOADS]: The build script is designed to be self-contained and operates without external npm dependencies, minimizing the attack surface from third-party packages.
[PROMPT_INJECTION]: The dashboard renders data from test manifests and reports. The build script implements character escaping (sanitization) for strings embedded in the HTML to prevent potential indirect injection via cross-site scripting (XSS) within the browser environment.

sg-visual-review