brainstorming
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell scripts (start-server.sh, stop-server.sh) to manage a background Node.js process (server.js). This allows the agent to execute code on the host system to run the brainstorming server.
- [DATA_EXFILTRATION]: The Node.js server (server.js) is designed to serve project files and design mockups from a session directory. This server implements no authentication or access control. While it defaults to loopback, the accompanying start script allows binding to all network interfaces (0.0.0.0), which would allow any user on the network to access potentially sensitive project information and brainstorming session data.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
  - Ingestion points: The agent reads and processes local project files and a .events file containing user interaction data from the visual companion session.
  - Boundary markers: The instructions do not define specific delimiters or instructions to isolate or ignore untrusted instructions that might be embedded in the design context or user events.
  - Capability inventory: The agent has the ability to write design specifications, execute server management scripts, and initiate complex implementation plans.
  - Sanitization: Although the server uses path.basename to prevent directory traversal, the data fields within the interaction events (such as 'text' and 'choice') are parsed and processed without sanitization.
Audit Metadata