frontend-developer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill enforces an 'Evidence-Based' loop using search_web and read_url_content to retrieve external documentation. The instruction to 'Implement strictly according to that quote' creates a critical surface for indirect prompt injection.
    - Ingestion points: the search_web and read_url_content tools fetch attacker-controllable data into the context.
    - Boundary markers: absent; there are no instructions to ignore or isolate embedded prompts in external data.
    - Capability inventory: the agent has the ability to read and write frontend code across the project.
    - Sanitization: none; the agent is told to treat external quotes as authoritative documentation.
  • COMMAND_EXECUTION (MEDIUM): The skill provides scripts/validate_compliance.py, a local script intended for automated verification. While its current logic uses basic regex, distributing unverified executables for system-level operations increases the attack surface.
  • EXTERNAL_DOWNLOADS (LOW): The skill references several external libraries such as better-all and lru-cache. While these are from trusted sources (GitHub/shuding and GitHub/isaacs), they expand the supply-chain dependency risk for the generated code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:04 AM