screen-design-doc
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's `package.json` specifies a dependency on `pdf-parse@^2.4.5`. This version does not exist in the official NPM registry (the latest stable version is 1.1.1), making it an unverifiable dependency and a potential vector for dependency confusion or malicious package substitution.
- [COMMAND_EXECUTION]: The skill workflow in `SKILL.md` (Step 2) instructs the agent to execute shell commands using the `Bash` tool to run a local Node.js script. This command interpolates user-provided file paths (`<입력.pdf>`) directly into the shell string, which can lead to command injection if the filenames contain shell metacharacters and are not properly escaped by the agent.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing untrusted content from user-uploaded documents.
  - Ingestion points: The skill reads and extracts text from user-provided `.pdf`, `.txt`, and `.md` files via the `extract_pdf_text.js` script and the `Read` tool.
  - Boundary markers: There are no instructions for the agent to use XML tags, delimiters, or system-level headers to isolate the extracted document content from its internal reasoning and planning instructions.
  - Capability inventory: The skill is granted `Bash`, `Read`, and `Write` permissions, allowing it to execute scripts and modify the workspace based on processed input.
  - Sanitization: No sanitization or validation logic is present to filter or escape potentially malicious instructions embedded within the source documents before they are analyzed for Information Architecture (IA) and screen design generation.
Audit Metadata