plaid-launch

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script 'node scripts/validate-vision.js --migrate' to validate and upgrade project configuration files. While this is part of the skill's intended logic, executing shell commands is a powerful capability.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from user-editable files into its generation process without adequate safeguards.
      • Ingestion points: 'vision.json' and 'docs/product-vision.md'.
      • Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within these files.
      • Capability inventory: The skill can execute local scripts via 'node' and write files to the 'docs/' directory.
      • Sanitization: No content sanitization or filtering of the ingested data is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 09:32 PM