har-to-vue
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external HAR files, which introduces a surface for indirect prompt injection. Malicious strings embedded within the network log data (such as headers or response bodies) could potentially be interpreted as instructions by the AI agent when analyzing or generating code based on the HAR content.
- Ingestion points: The main script `scripts/har_to_vue.ts` ingests data from local HAR files provided as arguments using the `readFileSync` method.
- Boundary markers: The skill lacks explicit boundary markers or delimiters that would instruct the agent to disregard any natural language instructions found within the HAR data.
- Capability inventory: Across its scripts, the skill has the capability to write files to the local file system using `writeFileSync` to produce the generated Vue components and API services.
- Sanitization: While the script uses `JSON.stringify` for certain data structures, it performs direct string interpolation for HTTP headers and URLs (e.g., using template literals in `generateApiCode`), which could allow for injection of malicious code or instructions into the output files if the source HAR file contains specially crafted malicious strings.
Audit Metadata