The Agent Skills Directory

[COMMAND_EXECUTION]: The Python script scripts/design_system.py includes a persist_design_system function designed to save generated design tokens to the local filesystem. This function constructs file paths using the user-provided project_name and page parameters without sanitizing them for directory traversal sequences (e.g., ../ or ..\) or absolute path indicators. An attacker could exploit this to perform arbitrary file writes or overwrite existing files on the host system relative to the agent's working directory.
[SAFE]: The core search engine implemented in scripts/core.py and the bundled CSV datasets follow security best practices. The scripts perform local text processing and data retrieval without initiating network connections or accessing sensitive environment variables or credentials.

ui-ux-pro-max