extract-design

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install and execute the designlang package from the npm registry using npm install -g or npx. This package is not from a verified or well-known organization, introducing a dependency risk where the external code could be modified or malicious.
  • [COMMAND_EXECUTION]: The skill makes heavy use of the Bash tool to install software, execute the design extraction CLI, and read system files. While functional, this execution environment is used to run unverified third-party code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches content from arbitrary external URLs and processes the resulting output as instructions for the agent.
      • Ingestion points: The agent reads the generated markdown file at design-extract-output/*-design-language.md using cat to "understand the design."
      • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious commands embedded in the extracted design data.
      • Capability inventory: The skill has access to Bash, Read, Write, and Glob tools, which could be exploited if the agent follows instructions found in the processed web content.
      • Sanitization: None. The content is passed directly from the external source to the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 11:49 AM