css-animation

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill researches untrusted websites using read_page and javascript_tool. Malicious instructions embedded in a target site's HTML, comments, or metadata could potentially influence the agent's code generation or behavior.
    • Ingestion points: SKILL.md (Phase 1) uses read_page and find on arbitrary user-provided URLs.
    • Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized when the agent interpolates extracted site data into its internal generation logic.
    • Capability inventory: The agent has the ability to write/modify files (Edit tool) and execute shell commands (python3 -m http.server, mkdir, cp).
    • Sanitization: There is no evidence of sanitization, escaping, or validation of the scraped web content before it is used for generation.
  • [DYNAMIC_EXECUTION]: The skill generates complete HTML, CSS, and JavaScript files based on external input (the website being researched) and serves them via a local HTTP server. It also performs runtime injection of JavaScript strings into browser tabs to control animation states (Freeze/Inspect) during the review process.
  • [COMMAND_EXECUTION]: The skill manages a local preview environment by executing shell commands, specifically starting a background process with python3 -m http.server and checking port availability with lsof.
  • [EXTERNAL_DOWNLOADS]: The generated animations and the project's index.html download assets from Google Fonts via CSS @import, which is a well-known and trusted service.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 01:07 PM