design-system

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to generate design system infrastructure. Its use of tools such as Read, Write, and WebSearch is consistent with its stated goal of creating documentation and token definitions. The skill does not attempt to access sensitive system files or execute untrusted code.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads local files to gain project context.
      • Ingestion points: The skill reads files like onboarding.md and positioning.md from the projects/ directory to guide its output.
      • Boundary markers: There are no explicit instructions or delimiters used to separate user-provided content from agent instructions in these read files.
      • Capability inventory: The agent has Write permissions to the project directory and WebSearch capabilities, which could be leveraged if malicious instructions were present in the context files.
      • Sanitization: Content read from the local files is not sanitized or filtered before being processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:36 AM