The Agent Skills Directory

[COMMAND_EXECUTION]: Path traversal vulnerability in scripts/design_system_persistence.py. The persist_design_system function uses a project name provided by the user to construct a directory path without adequate validation (only replacing spaces). A specially crafted project name (e.g., using ../ sequences or an absolute path) could allow the skill to write files to unintended locations on the file system.
[COMMAND_EXECUTION]: Potential for command and argument injection. The instructions in SKILL.md direct the AI agent to execute shell commands that interpolate raw user queries (e.g., python3 scripts/search.py "<query>"). This pattern is susceptible to injection if the AI agent does not appropriately escape shell metacharacters in the query string.
[EXTERNAL_DOWNLOADS]: The skill's data files contain numerous references to external documentation and official package registries. While these links predominantly target well-known and reputable domains (e.g., GitHub, Google, and official framework documentation sites), they constitute an external surface that users should handle with standard caution.

ui-ux-pro-max