skills/connorads/dotfiles/opentui/Gen Agent Trust Hub

opentui

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (MEDIUM): The files references/solid/configuration.md and references/react/configuration.md instruct users to run bunx create-tui@latest. This command downloads and executes a script from a remote registry at runtime, which is an unverifiable remote execution pattern.
  • Command Execution (MEDIUM): In references/core/gotchas.md, the skill documentation explicitly recommends using Bun.$ for executing shell commands (e.g., Bun.$`ls -la`). If an AI agent uses this API with untrusted or unsanitized input, it creates a direct path for command injection.
  • Indirect Prompt Injection (LOW): The skill provides components for displaying code and diffs (references/components/code-diff.md). These components are designed to ingest and render untrusted external data.
      • Ingestion points: Props such as code, oldCode, and newCode in the code and diff components.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or sanitization when passing data to these components.
      • Capability inventory: The framework supports shell execution (Bun.$), network operations (fetch), and file system access (Bun.file).
      • Sanitization: Not mentioned. The documentation focuses on rendering functionality rather than secure data handling.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:11 PM