frontend-design

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Metadata Poisoning] (MEDIUM): The skill is marketed as a general-purpose tool for 'production-grade frontend interfaces,' but its core 'Design Thinking' instructions are hardcoded for a 'community football club's website' with specific tone and color constraints. This discrepancy is deceptive and may lead the agent to prioritize these hardcoded values over user-provided context.
  • [Indirect Prompt Injection] (LOW): The skill ingests design inspiration from a local path (./docs/inspiration). While the skill lacks high-privilege capabilities such as shell execution or network access, the lack of sanitization or boundary markers for this ingested content constitutes a vulnerability.
      1. Ingestion points: ./docs/inspiration.
      2. Boundary markers: None identified.
      3. Capability inventory: The skill generates React/Next.js UI code but lacks subprocess or network operations.
      4. Sanitization: None specified for the inspiration content.
  • [Prompt Injection] (SAFE): Outside of the hardcoded context, there are no patterns suggesting jailbreak attempts or system prompt overrides.
  • [Data Exposure & Exfiltration] (SAFE): No patterns for accessing sensitive files (e.g., credentials) or exfiltrating data via the network were detected.
  • [Obfuscation] (SAFE): No evidence of Base64, zero-width characters, or other encoding techniques used to hide malicious intent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 01:09 PM