vibes (skills/popmechanic/vibes-cli/vibes)

Status: Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to request an OpenRouter API key from the user and then pass it as a command-line argument (--ai-key) to a deployment script (deploy-cloudflare.js). Secrets passed via CLI arguments are considered unsafe because they can be exposed in process listings, environment variables, and shell command history logs.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection. It ingests untrusted data from user prompts, reference images, and HTML files (theme.html) to guide its code generation logic. It lacks explicit instructions to ignore embedded commands or use boundary markers when interpolating this untrusted data into the agent's logic for generating React code.
      • Ingestion points: SKILL.md (instructions to read user prompts, analyze image references, and ingest theme.html).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded instructions in external assets.
      • Capability inventory: Bash, Write, Edit, Glob, Grep (used to execute build scripts and manage local files).
      • Sanitization: Absent; observations from untrusted assets are used directly to inform the generated JSX output.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a series of local scripts (server.ts, assemble.js, deploy-cloudflare.js) and start a local server for the editor UI. This provides the skill with the ability to execute arbitrary code within the local environment based on the state of the generated application.
  • [EXTERNAL_DOWNLOADS]: The core application template (index.html) is configured to load critical JavaScript dependencies from external CDNs (unpkg.com, esm.sh, jsdelivr.net) at runtime. This includes the Babel transpiler, Tailwind CSS, and security-sensitive OIDC components, which introduces a supply chain risk if the CDNs or the hosted packages are compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 07:26 PM