stitch-design
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run environment setup and data retrieval commands, including npm install, npx shadcn, and curl. It ships a PowerShell script, scripts/stitch-to-react.ps1, that automates directory creation and writes project configuration and source files (App.tsx, mockData.ts) to the local disk.
- [EXTERNAL_DOWNLOADS]: The skill downloads standard development dependencies from the npm registry and fetches design assets from Google Stitch MCP project endpoints. Both sources are well known and are treated as trusted for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it processes untrusted HTML and JSON from external Stitch projects and feeds that content into React component generation.
  - Ingestion points: Design data and HTML structures fetched from the Stitch MCP via tools such as mcp_stitch_get_project and mcp_stitch_list_screens.
  - Boundary markers: Absent. The instructions do not wrap external design content in delimiters, nor do they warn the model to ignore instructions embedded in that content during code generation.
  - Capability inventory: The agent can install packages via npm, write files via the PowerShell script, and make network requests via curl, so an injected instruction that is obeyed has real side effects on the host.
  - Sanitization: None specified. The ingested HTML/JSON is interpolated into code-generation prompts without validation or filtering.
Audit Metadata