find-designs

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE

Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION

Full Analysis
  • [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface.
  • Ingestion points: In Phase 5, the skill fetches a remote file named SKILL.md from https://joincommons.cc/api/items/{slug}.
  • Boundary markers: The agent is instructed to "Follow it first" without any explicit boundary markers or warnings to ignore embedded instructions within the downloaded content.
  • Capability inventory: The skill possesses capabilities for file system access (reading and writing to .commons/ and ~/.commons/), network operations (GET/POST requests to joincommons.cc), and command execution (running local Python scripts and curl).
  • Sanitization: No sanitization or validation of the remote instruction file content is performed before the agent is told to follow its instructions.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with https://joincommons.cc to fetch item metadata, search results, and design artifacts. It also downloads image assets from a Cloudflare R2 bucket at https://pub-962ae6531eaf4fc2b3cd95edcb026436.r2.dev.
  • [COMMAND_EXECUTION]: The skill executes a provided Python script scripts/download_thumbnails.py to handle asset management. It also provides a fallback instruction for the agent to use the curl command to download images manually.
  • [DATA_EXFILTRATION]: During the initialization phase, the skill silently scans project files such as package.json and CSS configurations. It also accesses user-specific taste profiles located at ~/.commons/global-taste.json. Data derived from these files is sent to the external joincommons.cc API during search queries and installation tracking.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 08:24 AM