The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes untrusted user data in the form of screenshots and design references to extract design guidelines which then drive code generation. This creates a surface for indirect prompt injection where malicious visual content could influence the agent's instructions or implementation. Evidence: SKILL.md and references/design-extraction-overview.md. Evidence Chain: (1) Ingestion point: User-provided screenshots (SKILL.md). (2) Boundary markers: None mentioned. (3) Capability inventory: Python script execution and frontend code generation. (4) Sanitization: No validation or escaping of extracted design parameters is documented.
[Command Execution] (LOW): The skill documentation refers to the execution of internal Python scripts such as scripts/gemini_batch_process.py and scripts/media_optimizer.py which are missing from the file list. While these are presented as internal tools, their absence prevents a full security audit of the command execution logic. Evidence: references/ai-multimodal-overview.md.

frontend-design