design-md

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves and processes external HTML source code and design metadata from projects. Malicious instructions embedded within the target HTML could influence the agent's behavior during the analysis and synthesis phase.
      • Ingestion points: Technical assets fetched via web_fetch from htmlCode.downloadUrl and screenshot.downloadUrl in SKILL.md.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are used when processing the external content.
      • Capability inventory: File system Write access, web_fetch for network operations, and access to stitch MCP tools.
      • Sanitization: No evidence of sanitization or filtering of the fetched HTML content before it is processed by the model.
  • [EXTERNAL_DOWNLOADS]: Fetches project assets (HTML and screenshots) from the Stitch platform, which is a well-known service. It also references official documentation from stitch.withgoogle.com.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 08:02 AM