kitchen-sink-design-system

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A thorough review of all script and instruction files found no evidence of malicious intent, data exfiltration, or unauthorized privilege escalation. The skill is focused on standard UI development tasks.
  • [COMMAND_EXECUTION]: The skill includes a local utility script, scripts/scan-components.sh, which uses standard command-line tools like find and grep to inventory project components. This script is used legitimately for the skill's discovery phase.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known developer tools such as @axe-core/cli and Playwright for accessibility and visual regression testing. These are industry-standard services from trusted registries.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists in the 'Adopt' phase where the agent is instructed to read project-level configuration files (e.g., .cursorrules, CLAUDE.md) to extract design tokens. Ingestion points: Discovery manifest files. Boundary markers: Absent. Capability inventory: Component generation and shell execution. Sanitization: Absent. This surface is used for technical discovery and follows the primary purpose of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:09 AM