The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its architecture.\n * Ingestion points: The skill ingests untrusted data from external URLs (via Chrome DevTools) and local source files (.tsx, .vue, .html, .css).\n * Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed content.\n * Capability inventory: The system can modify source code (Edit, Write), execute shell commands (Bash), and spawn autonomous sub-agents with dynamic prompts (Agent tool).\n * Sanitization: Content extracted from external sources is not sanitized or validated before being interpolated into context or generated remediation plans.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool for workspace path resolution, project environment detection, and file discovery.\n- [REMOTE_CODE_EXECUTION]: The skill utilizes the evaluate_script tool within a browser context to perform dynamic accessibility audits on rendered pages, representing a powerful capability if influenced by malicious content.\n- [EXTERNAL_DOWNLOADS]: The skill navigates to and fetches content from remote URLs as part of its primary auditing functionality.

team-visual-a11y