skills/liyecom/liye-ai/ui-ux | Gen Agent Trust Hub

ui-ux

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests data from several CSV files to provide design recommendations, creating a surface for indirect prompt injection if the data files are modified by an attacker.
  • Ingestion points: core.py reads from styles.csv, colors.csv, typography.csv, charts.csv, ux-guidelines.csv, and icons.csv located in the data/ directory.
  • Boundary markers: No delimiters or safety instructions are used when interpolating CSV content into the agent's output context.
  • Capability inventory: The skill documentation includes protocols for executing local Python scripts and running builders via npx.
  • Sanitization: There is no evidence of sanitization or validation of the CSV contents before they are processed and presented to the model.
  • [External Downloads] (MEDIUM): The SKILL.md file contains a 'Module 10: Feedback & Evolution' section that instructs users or agents to git clone updates from an untrusted GitHub repository (nextlevelbuilder/ui-ux-pro-max-skill). This repository is not within the defined Trusted Scopes.
  • [Remote Code Execution] (MEDIUM): The skill references and encourages the execution of scripts that are not included in the provided package, specifically node .claude/scripts/sfc_lint.mjs for verification and npx tsx builders/theme-factory/builder.ts for theme generation. The behavior of these external scripts is unverifiable.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:44 PM