NYC

ui-ux-polish

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill directs the agent to 'super carefully scrutinize every aspect of the application workflow and implementation' and make improvements. This exposes the agent to potential malicious instructions embedded in the target application's code or comments.
      ◦ Ingestion points: Web application source code files (e.g., Next.js, React, and Tailwind components).
      ◦ Boundary markers: Absent (the prompt lacks delimiters or specific instructions to ignore embedded instructions in the source code).
      ◦ Capability inventory: File writing and modification (the agent is explicitly tasked with making iterative improvements to the codebase).
      ◦ Sanitization: Absent (the skill provides no mechanism to filter or validate code content before it is processed by the agent).
  • [Prompt Injection] (SAFE): The prompts utilize behavioral steering techniques, such as asking for agreement ('don't you agree?') and setting high-quality benchmarks ('Stripe-level', 'world class'). While these influence model behavior, they do not attempt to bypass safety guidelines or override system instructions.
  • [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials, sensitive file path access (e.g., SSH keys, .env files), or unauthorized network operations was found.
  • [Remote Code Execution] (SAFE): The skill does not perform remote script downloads or execute untrusted code from external URLs.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:02 PM