The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requests authorization to execute lighthouse, webpack, and performance related commands through the Bash tool to perform performance audits and bundle size checks.
[DATA_EXFILTRATION]: The scripts/report_violation.py script contains a send_slack method that uses the urllib.request library to perform HTTP POST requests to an external Slack webhook URL. While this is the intended mechanism for reporting, it allows the transmission of data to external network endpoints.
[PROMPT_INJECTION]: The skill processes untrusted external data from metric files and tool outputs, which presents an indirect prompt injection surface. 1. Ingestion points: performance-budgets.json, metrics.json, lighthouse.json, and config.json. 2. Boundary markers: None identified in the instruction set to distinguish data from instructions. 3. Capability inventory: Read, Write, Edit, Grep, Glob, and restricted Bash execution. 4. Sanitization: The Python scripts parse JSON content into objects but do not explicitly sanitize or validate the content against embedded natural language instructions.

validating-performance-budgets