website-builder-pipeline

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's scripts perform broad searches for sensitive data. references/call-wavespeed.py recursively searches all parent directories for .env files to harvest API keys. Additionally, references/call-kie.py accesses global agent configuration at ~/.claude/skills/kie-ai/mcp-config.json to extract credentials.
  • [EXTERNAL_DOWNLOADS]: The pipeline orchestrates the installation of numerous third-party extensions ('peer skills') from untrusted individual GitHub accounts, including Leonxlnx/taste-skill, kkoppenhaver/cc-nano-banana, and Owl-Listener/designer-skills.
  • [PROMPT_INJECTION]: Instructions in SKILL.md and site-build-premium.md direct the agent to utilize 'Bypass Permissions mode' during execution. This reduces the frequency of user approval prompts, effectively increasing the agent's autonomy and lowering the barrier for potentially harmful command execution.
  • [DATA_EXFILTRATION]: The skill exhibits an Indirect Prompt Injection surface (Category 8). It ingests untrusted branding data from external URLs via Firecrawl and interpolates this content into master build prompts. These prompts lack sanitization or boundary markers, creating a path for malicious website content to influence agent behavior during site construction.
  • [COMMAND_EXECUTION]: The skill makes extensive use of subprocesses to execute Python wrappers, system utilities (ffmpeg), and cloud deployment CLIs (vercel, netlify, gh).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 07:38 AM