vite

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill facilitates the processing of untrusted project data while granting access to powerful execution and write capabilities.
      - Ingestion points: The skill describes patterns like loadEnv, import.meta.glob, and ssrLoadModule (in references/core-config.md and references/build-and-ssr.md) which ingest data from potentially attacker-controlled local files.
      - Boundary markers: None. There are no delimiters or instructions to help the agent distinguish between legitimate project data and malicious instructions embedded in those files.
      - Capability inventory: The skill enables the use of vite build (filesystem write) and vite (code execution) CLI commands, as well as programmatic APIs for building and serving applications.
      - Sanitization: No sanitization or validation of the ingested file content or environment variables is provided.
  • [Data Exposure & Exfiltration] (MEDIUM): The skill demonstrates using loadEnv with an empty prefix (''), which loads all environment variables into the application context.
      - Evidence: In references/core-config.md, the example loadEnv(mode, process.cwd(), '') is shown. This is a known risk factor in Vite as it can accidentally expose sensitive system-level secrets (e.g., cloud provider keys) to the build output.
  • [Metadata Poisoning] (MEDIUM): The skill uses the name of a well-known developer ('Anthony Fu') in the author field, but the source metadata points to an unverified third-party repository (kirklin/skills).
  • [Dynamic Execution] (MEDIUM): The skill details methods for runtime code loading and virtual module generation.
      - Evidence: The ssrLoadModule API and virtual module patterns in references/build-and-ssr.md and references/core-plugin-api.md involve dynamic execution of code strings at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:11 PM