The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (design_scorer.py, ai_slop_detector.py, etc.) and potentially perform automated file modifications as part of its 'Fix Session' workflow. These actions are fundamental to its primary purpose as an automated design auditor.
[DATA_EXFILTRATION]: The included Python scripts read and process local HTML, CSS, and JSON files. The analysis is performed entirely on the local machine with no network operations detected in the scripts. File access is limited to paths explicitly provided as arguments or found within user-specified directories.
[PROMPT_INJECTION]: The SKILL.md file defines an 'Interaction Model & Safety Controls' section that provides behavioral guidelines for the agent, such as limiting the number of fixes per session and requiring confirmation for structural changes. These are benign alignment instructions designed to ensure predictable operation rather than malicious overrides.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input data (external HTML and CSS files) which could theoretically contain hidden instructions. However, the included scripts use static regular expressions and remediation advice rather than reflecting arbitrary content from the processed files, significantly minimizing the risk.
Ingestion points: HTML, CSS, and JSON files loaded via --input flags into the Python scripts.
Boundary markers: The tools output structured JSON or plain text reports; no specific 'ignore previous instructions' delimiters are applied to the processed content.
Capability inventory: The agent is authorized to execute the provided Python tools and perform file-system modifications ('AUTO-FIX') based on the reports.
Sanitization: Input files are parsed via standard libraries (json, re); no explicit natural language instruction sanitization is performed on the audited source code.

design-auditor