ui-cloner
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk. The skill ingests untrusted content from external websites during the Site DNA Extraction phase. This content is then processed to create a build specification.
  * Ingestion points: Raw HTML, CSS, and metadata from user-provided URLs in references/phase1-site-dna.md.
  * Boundary markers: Absent. The skill does not instruct the agent to ignore or isolate instructions found within the processed website data.
  * Capability inventory: File system access for creating the workspace (./ui-clone-workspace/), browser control for site analysis, and the ability to generate and potentially execute a build prompt in references/phase4-build.md.
  * Sanitization: Absent. No validation or sanitization is performed on the extracted text or data before it is used to generate the build prompt.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to include scripts from well-known CDNs (Cloudflare, Unpkg, JSDelivr) for libraries such as GSAP, Tailwind, and Lottie. These are standard web development resources originating from well-known infrastructure and are documented neutrally.
- [COMMAND_EXECUTION]: During the build phase (Phase 4), the agent is encouraged to execute a generated prompt to create the website. This introduces a risk if the prompt has been poisoned by the source website, potentially leading to the creation of malicious files or logic within the local workspace.
Audit Metadata