NYC

design-critic

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's core functionality involves ingesting and analyzing external content from web URLs and local source files, which creates a potential vector for embedded malicious instructions to manipulate the agent. Evidence:
      (1) Ingestion points: the skill uses WebFetch, WebSearch, and Read tools to process untrusted data.
      (2) Boundary markers: there are no instructions provided to delimit or ignore instructions within the analyzed content.
      (3) Capability inventory: the agent possesses file read (Read, Glob, Grep) and network capabilities (WebFetch, WebSearch).
      (4) Sanitization: no content sanitization or validation logic is defined.
  • Data Exfiltration (LOW): The skill is configured to use network-enabled tools (WebFetch, WebSearch) to access non-whitelisted domains for aesthetic research and design assessment, which constitutes a low-level data exposure risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM