interview-openspec
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell scripts and a Node.js server to provide a 'Visual Companion' for interactive UI prototyping. Evidence: 'scripts/start-server.sh' launches 'scripts/server.js'. The server binds to 127.0.0.1 by default and includes path protection via path.basename() to prevent directory traversal.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized exfiltration were detected. The server implementation includes an auto-shutdown mechanism (30-minute idle timeout or parent process exit). The skill features an indirect prompt injection surface where the agent reads browser interactions.
  - Ingestion points: '$SCREEN_DIR/.events' file.
  - Boundary markers: Data is structured as JSON lines, though no explicit 'ignore instructions' delimiters are used.
  - Capability inventory: 'Write', 'Bash', 'Edit', and 'TodoWrite'.
  - Sanitization: Inputs are processed as structured click events rather than raw instructions.