website-launch-kit

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/12-visual-assets.md contains an instruction to download and execute a shell script from a remote URL using the curl -fsSL https://cli.inference.sh | sh pattern. This is a critical security anti-pattern that allows unverified remote code to run directly on the host system without inspection.
  • [COMMAND_EXECUTION]: The skill utilizes several high-risk shell commands and patterns:
      • references/09-local-preview.md includes commands to terminate system processes (kill -9 <PID> and taskkill /PID <PID> /F) based on process IDs.
      • references/11-deployment.md instructs the agent to perform global package installations (npm install -g vercel), which may require elevated permissions.
      • Multiple files involve CLI-based authentication flows (vercel login, infsh login) that manage sensitive user session credentials in the terminal context.
  • [EXTERNAL_DOWNLOADS]: The skill relies heavily on external resources:
      • It uses npm install and npx to download and run various packages and tools at runtime.
      • It fetches data and captures screenshots from arbitrary external URLs provided by the user during the "Design Inspiration" phase.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection attacks (Category 8).
      • Ingestion points: External website content is ingested and analyzed using WebFetch or browser_subagent in references/02-research-guide.md and references/14-browser-automation.md.
      • Boundary markers: There are no specified boundary markers or instructions to ignore embedded commands within the fetched website content.
      • Capability inventory: The skill has powerful capabilities, including full shell access (npm, npx, vercel, infsh) and the ability to write executable code to the filesystem.
      • Sanitization: The skill lacks any sanitization or filtering of the content extracted from external URLs before it is processed by the AI agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 03:28 PM