axure-prototype-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The file prototype-restoration.md explicitly instructs the agent to override or ignore the project's standard rules and development guidelines (rules/development-guide.md) in favor of its own restoration process. A skill that directs the agent to set aside project guardrails removes the protection those rules were meant to provide.
  • [PROMPT_INJECTION]: The skill processes untrusted content fetched from external Axure prototype URLs. This is a surface for indirect prompt injection: text placed in a prototype can be written to read as instructions to the agent rather than as content to restore.
  • Ingestion points: Prototype content enters the agent's context through MCP tool calls such as get_axure_text and get_axure_sitemap, invoked from prototype-restoration.md and theme-generation.md.
  • Boundary markers: The instructions put no explicit delimiters around fetched prototype content and carry no warning to ignore commands embedded in it.
  • Capability inventory: The agent can write files into the project directory and execute local shell commands (node scripts/check-app-ready.mjs), so injected instructions would have real capabilities to act on.
  • Sanitization: No logic is specified to validate or sanitize external prototype text before it is used to generate code or documents.
  • [COMMAND_EXECUTION]: The restoration workflow executes a local script, node scripts/check-app-ready.mjs. It is intended for validation, but it is still a command-execution path, and the file paths it is given come from generated output, so those paths should be checked before the script runs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 02:59 AM