The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill provides the project-download_from_playground tool, which retrieves code from a remote server via pre-signed ZIP URLs. Integrating and potentially executing code from an external source without automated vetting is a significant security consideration.\n- [Command Execution] (MEDIUM): The playground-publish tool's capability to publish design systems as npm packages allows the agent to perform high-impact registry operations. This could be abused if an attacker influences the agent's actions through malicious inputs.\n- [Data Exposure & Exfiltration] (LOW): The skill transmits project data, including prompts and website URLs, to the Anima API (public-api.animaapp.com). While functional, it constitutes a data flow to a service outside the trusted scope.\n- [Indirect Prompt Injection] (LOW): The skill is vulnerable to instructions embedded in external websites (l2c) or Figma designs (f2c). Evidence Chain: 1. Ingestion point: url and fileKey parameters in playground-create. 2. Boundary markers: None identified in tool documentation. 3. Capability inventory: Tools for file downloading and npm publishing. 4. Sanitization: No sanitization or safety checks for external content are documented.

anima