The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it ingests data from external, third-party registries (21st.dev and shadcn/ui). Instructions embedded in retrieved components could influence the agent or downstream experts.
Ingestion points: mcp__magic__21st_magic_component_inspiration and mcp__shadcn__view_items_in_registries fetch content from external databases into the agent context.
Boundary markers: Absent. The skill does not explicitly instruct agents to ignore instructions found within the fetched component code.
Capability inventory: The agent can spawn other agents (Task), write to the filesystem (Write, Edit), and execute shell commands (npx shadcn).
Sanitization: None detected. Code fetched from registries is directly integrated into the project.
[External Downloads] (SAFE): The skill references font CSS from Fontshare (api.fontshare.com) and utilizes standard package managers (bun, npx). These are reputable sources and the behavior is consistent with the skill's primary purpose of UI development.
[Prompt Injection] (SAFE): The instructions contain strong negative constraints (e.g., 'BANNED' fonts, 'FORBIDDEN' patterns) and mandatory workflows. These are used to enforce a specific design aesthetic ('Anti-AI-Slop') rather than attempting to bypass safety filters or jailbreak the underlying model.

generating-components