visual-pixel-perfect

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to run several shell scripts (e.g., visual-test.sh, pdf-render.sh, snapshot-compare.sh) from the local project directory. These scripts are not included in the skill package, so the skill instructs the agent to execute unverified local code.
  • [REMOTE_CODE_EXECUTION]: The skill references an initialization script at a global plugin path (~/.claude/plugins/marketplaces/aurafrog/aura-frog/scripts/visual/init-claude-visual.sh). This execution targets a file outside the skill and project scope, posing a risk of running unverified third-party code.
  • [COMMAND_EXECUTION]: The skill uses mcp__plugin_aura-frog_playwright__browser_evaluate to run arbitrary JavaScript within the browser context for tasks like disabling animations. While common for visual testing, this represents dynamic code execution.
  • [EXTERNAL_DOWNLOADS]: The skill's prerequisites involve installing the puppeteer, pngjs, and pixelmatch npm packages. These are external dependencies required for the skill's core functionality.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill navigates to and evaluates code on URLs provided in DesignSpec JSON files. Malicious content on target pages could attempt to influence the agent's logic during the auto-fix loop.
      1) Ingestion points: The url field in DesignSpec JSON files.
      2) Boundary markers: Absent; no delimiters or instructions to ignore embedded content are provided.
      3) Capability inventory: Bash shell execution, browser control via Playwright, and file modification (Write, Edit).
      4) Sanitization: Absent; the skill does not specify validation or filtering of content from target URLs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 07:01 PM