genie-editor-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the @axhub/genie CLI tool to interact with the local development environment and the remote browser extension. Commands include status, editor clients list, editor snapshot, and editor editing set to manage the lifecycle of a code modification task.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @axhub/genie package from the NPM registry and the Axhub AI Extension from an external product website (axhub.im). These are legitimate dependencies required for the skill's functionality.
  • [DATA_EXFILTRATION]: The skill includes functionality to export context images and node screenshots from the browser extension to a local directory (e.g., via editor node screenshot --output-dir). While this moves data from the browser to the local filesystem, it is a core feature for providing visual context to the AI agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external web pages (such as user notes, element labels, and modification descriptions) which are then processed by the AI agent.
      • Ingestion points: Data enters the agent via the editor snapshot and editor nodes list commands (found in SKILL.md and references/cli-reference.md).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat data from the browser as untrusted or to ignore instructions embedded within the notes.
      • Capability inventory: The agent has the capability to execute shell commands via npx and modify source code files in the project directory.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the browser extension before it is used to influence the agent's code generation logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 02:30 AM