fe-scaffold

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses an Indirect Prompt Injection surface because it ingests untrusted user input and uses it to perform file-system write operations.
      • Ingestion points: Untrusted data enters the agent context through the [이름] (Name) and [타입] (Type) variables derived from $ARGUMENTS as defined in SKILL.md.
      • Boundary markers: No delimiters or boundary markers are defined to isolate the user-provided names from the file path logic or the template code, nor are there instructions to ignore embedded commands.
      • Capability inventory: Across all template sections (component, page, api, hook, store, feature, form), the agent is instructed to create directories and write files (e.g., src/components/[이름]/[이름].tsx).
      • Sanitization: The instructions lack any sanitization logic to prevent path traversal characters (e.g., ../) or to escape code characters that could lead to script injection in the generated boilerplate.
      • Risk: An attacker could use a component name like ../../.ssh/authorized_keys to attempt unauthorized file writes or inject malicious code into a generated React component that executes in the developer's environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:55 AM