gts-design-system-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by ingesting untrusted application code and executing shell commands based on its analysis.
  - Ingestion points: The agent reads and identifies the user's existing app structure and styling stack (SKILL.md).
  - Boundary markers: No delimiters or protective instructions are used to separate untrusted code from agent instructions.
  - Capability inventory: The skill directs the agent to execute shell commands including npm install, npm run build, and npm run lint (SKILL.md, references/guidelines.md).
  - Sanitization: No validation or sanitization of the user-provided code is performed before command execution.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill mandates the installation of gts-central-library@0.1.0-beta.2, an external package from an unspecified and non-trusted source.
- [Command Execution] (LOW): Explicit instructions to run developer tools (npm/bun build and lint) are included for validation, which can be exploited if the project's scripts are compromised.
Recommendations
- AI detected serious security threats
Audit Metadata