perfect-web-clone

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted data from external websites.
      • Ingestion points: extract_page.py captures raw HTML, text, and styles from user-provided URLs and saves them to page_data.json, which is then processed by chunk_content.py.
      • Boundary markers: The prompt defined in SKILL.md (Phase 4) interpolates the extracted HTML directly. While it uses Markdown headers to structure the input, it lacks explicit delimiters or warnings to ignore embedded instructions within the data.
      • Capability inventory: The skill utilizes the subagent Task tool to perform file system operations, specifically writing component code to src/components/*.tsx.
      • Sanitization: There is no evidence of sanitization or filtering of the extracted HTML content to remove potential instructions before passing it to the subagents.
  • [EXTERNAL_DOWNLOADS]: The skill fetches required Python packages and browser binaries from official registries and trusted sources during its setup phase.
      • Evidence: scripts/setup.sh and SKILL.md facilitate the installation of dependencies via pip and the Playwright browser engine from standard package registries and official Playwright sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 06:57 AM