app-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it accepts arbitrary natural language input from users to drive project creation and code generation.
      • Ingestion points: User requests (e.g., "Make an Instagram clone") are processed by SKILL.md and project-detection.md to determine project types and templates.
      • Boundary markers: The instructions do not explicitly define boundary markers (e.g., XML tags) or instructions to ignore embedded commands within user data when interpolating it into files or shell commands.
      • Capability inventory: The skill utilizes powerful tools including Bash, Write, Edit, and Agent orchestration across all provided templates.
      • Sanitization: There is no evidence of sanitization or validation logic to filter potentially malicious instructions embedded in user requests before they are used in code generation or command execution.
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to perform development tasks such as initializing projects, installing dependencies, and running local development servers (e.g., npm install, pip install, uvicorn, npx prisma). These are standard operations for its intended purpose.
  • [EXTERNAL_DOWNLOADS]: The templates facilitate downloads of numerous third-party libraries and frameworks from well-known registries (NPM, PyPI) and official scaffolding tools (Next.js, Astro, Expo). These references target established ecosystems and well-known services.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:34 AM