pwa-expert

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection attacks. It ingests content from untrusted external sources (user project files) via the Read, Grep, and Glob tools. Because the skill also has Bash, Write, and Edit permissions, an attacker could embed malicious instructions in a project file that the agent then executes. The skill lacks mandatory boundary markers or instructions to ignore embedded commands in the data it processes.
  • COMMAND_EXECUTION (LOW): The skill is granted Bash tool access for running development scripts. While this is a standard requirement for PWA builds, it constitutes a powerful capability that must be monitored for abuse.
  • EXTERNAL_DOWNLOADS (LOW): The skill documentation suggests installing dependencies such as next-pwa, workbox-cli, and idb. These are considered low risk under the [TRUST-SCOPE-RULE] as they are reputable packages from trusted sources in the Node.js ecosystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:23 PM