frontend-design

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill frequently instructs the agent to execute local Python scripts (scripts/gemini_batch_process.py and scripts/media_optimizer.py) with complex arguments, including string-interpolated prompts derived from user input. Since the source code for these scripts is not provided, their safety, specifically regarding command injection or data exfiltration, cannot be verified.
  • PROMPT_INJECTION (LOW): The skill is designed to analyze untrusted visual content (screenshots and design references) using multimodal models. This creates a surface for Indirect Prompt Injection, where an attacker could embed malicious text instructions within an image that are then extracted and treated as authoritative design guidelines by the agent.
    ◦ Ingestion points: SKILL.md and references/design-extraction-overview.md (screenshots, photos, and competitor design references).
    ◦ Boundary markers: Absent; analysis prompts in references/extraction-prompts.md do not include instructions to ignore embedded adversarial text.
    ◦ Capability inventory: Subprocess execution via Python scripts and automated code implementation.
    ◦ Sanitization: No sanitization or validation of the extracted design guidelines is mentioned before they are used to influence code generation.
  • NO_CODE (LOW): The skill package is incomplete, referencing several markdown files (asset-generation.md, visual-analysis.md, design-extraction.md, technical-guide.md) and critical Python scripts that are missing from the audit scope.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:27 PM