suggest-improvements

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends running bunx shadcn@latest add https://www.fonttrio.xyz/r/{pairing-name}.json. That command fetches a registry item from a domain the audit could not verify and applies it to the local project. A registry item carries file paths and file contents, so a malicious or compromised item can add executable code or overwrite existing files; the @latest tag also means the CLI that applies the item is resolved at run time rather than pinned.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands to install software components and to call MCP tools that modify the system.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch font pairings and documentation from https://www.fonttrio.xyz, a remote source that has not been identified as a trusted service.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it reads untrusted project files such as package.json and README.md; text in those files can carry instructions crafted to hijack the agent's behavior.
    1. Ingestion points: package.json, README.md, style files.
    2. Boundary markers: none; ingested content is not isolated from the agent's instructions.
    3. Capability inventory: file system access, network requests via MCP, and shell command execution, so a successful injection can reach all three.
    4. Sanitization: the ingested file content is not validated or escaped.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 04:14 PM