design-and-refine

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The setup process requires adding a plugin marketplace and installing packages from '0xdesign'. This source is not on the trusted list of repositories or organizations, making the plugin's actual behavior unverifiable.
  • [COMMAND_EXECUTION] (MEDIUM): The skill performs 'Style inference' which involves reading sensitive local configuration files (Tailwind config, theme files, CSS variables). It also generates multiple code variations and manages a local web server on port 3000. These capabilities, while functional for the skill's purpose, provide a significant attack surface for a malicious plugin to access the local file system or exfiltrate data.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The 'Interview' and 'Feedback' stages involve processing external 'inspiration' and user-provided descriptions to influence code generation. This creates a surface where external content could potentially manipulate the output, although the impact is limited to the local design environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:37 AM