skills/dylanfeltus/skills/visual-qa/Gen Agent Trust Hub

visual-qa

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted visual data from external websites or user screens and passes it to a vision model with high-level analysis instructions.
      • Ingestion points: Untrusted data enters the agent context via screenshots processed by the image tool (referenced in SKILL.md).
      • Boundary markers: Absent. The prompts provided (e.g., "Review this UI screenshot for design quality...") do not use delimiters or explicit instructions to ignore text-based commands embedded within the UI components.
      • Capability inventory: The skill can execute local commands via exec: peekaboo screenshot and interact with the browser via browser: screenshot.
      • Sanitization: There is no evidence of sanitization or filtering to prevent the vision model from following instructions found inside the screenshot (OCR-based injection).
  • [Command Execution] (LOW): The skill uses the exec capability to run peekaboo screenshot in SKILL.md. While command execution can be high risk, in this context it is limited to a specific, non-destructive utility necessary for the skill's primary function (visual QA).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:52 PM