domain-scaffolder-frontend

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands defined in mode configuration files, specifically {type_check_command}, {build_command}, {lint_command}, and {test_command}. While these are intended for post-scaffolding validation, they represent a sink for arbitrary command execution if configuration files are modified by an attacker.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through the processing of plan files.
      • Ingestion points: The agent reads shared.md, frontend.md, and flows.md from a variable {plan_root}/{slice}/ directory.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands embedded within the plan markdown files.
      • Capability inventory: The skill possesses the capability to write files to the local filesystem (scaffolding) and execute shell commands (validation scripts).
      • Sanitization: Absent. Data extracted from the plans is directly interpolated into generated TypeScript code, API services, and component logic without escaping or validation.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external packages via the {auth_packages_root} configuration. It suggests using package managers like npm or pip to link local auth service packages, which introduces external code into the execution environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:39 PM