The Agent Skills Directory

[PROMPT_INJECTION]: The skill workflow involves gathering user-provided content such as stats, categories, and quotes to be interpolated into HTML templates. The instructions do not include requirements for sanitization, escaping, or the use of boundary markers to prevent the execution of malicious instructions or scripts embedded within that content. This creates a surface for indirect prompt injection where malicious input could influence the output or include executable scripts in the final HTML. Ingestion points: Workflow step for gathering user content in SKILL.md. Boundary markers: Absent in instructions and templates. Capability inventory: Generates HTML files intended for rendering in a browser; includes a Playwright screenshot utility. Sanitization: Absent; no validation or escaping specified for user data.
[EXTERNAL_DOWNLOADS]: The generated HTML templates reference Google Fonts (fonts.googleapis.com and fonts.gstatic.com). These are well-known and trusted services for web typography.
[EXTERNAL_DOWNLOADS]: The screenshot utility requires the installation of the 'playwright' library and browser binaries from the official Playwright registry.
[COMMAND_EXECUTION]: The skill documentation provides standard shell commands for setting up and running the screenshot utility (npm install, npx playwright install, and node screenshot.mjs). These are routine administrative tasks for the provided toolset.

apple-bento-grid