impeccable

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run various Node.js scripts that perform sensitive file system operations using the shell.
  • [COMMAND_EXECUTION]: The scripts/pin.mjs utility dynamically generates and writes new AI agent skill definitions (SKILL.md) into hidden harness directories such as .claude/skills and .cursor/skills to create command shortcuts.
  • [COMMAND_EXECUTION]: The scripts/cleanup-deprecated.mjs script performs automated discovery and deletion of directories and symlinks within the agent's configuration paths.
  • [COMMAND_EXECUTION]: The skill initiates a local HTTP server via scripts/live-server.mjs which provides endpoints for reading project files and handling data uploads.
  • [COMMAND_EXECUTION]: Multiple scripts (live-inject.mjs, live-wrap.mjs, live-accept.mjs) perform programmatic search-and-replace modifications on the project's source code, including HTML, JSX, and TSX files.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests and processes untrusted HTML and CSS content from the browser environment and project files, which is then used to influence agent behavior and code generation without strict sanitization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 03:44 AM