NYC

interactive-component-creator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The initialization script scripts/init-artifact.sh accepts a project name as a command-line argument and uses it directly within a shell command without sanitization. This creates a vulnerability where a maliciously crafted project name (e.g., containing semicolons or backticks) could execute arbitrary shell commands on the host system.
      • Evidence: In scripts/init-artifact.sh, the line pnpm create vite "$PROJECT_NAME" --template react-ts uses the variable PROJECT_NAME which is assigned directly from the first script argument $1 without validation or escaping.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill performs global installation of the pnpm package manager and downloads numerous unpinned dependencies from public registries (npm/pnpm). This creates a dependency on external registry integrity at runtime and potentially modifies the user's global environment.
      • Evidence: npm install -g pnpm in scripts/init-artifact.sh and multiple pnpm install commands for Radix UI and shadcn dependencies that do not use a lockfile or strict version pinning.
  • DATA_EXFILTRATION (SAFE): No evidence of sensitive data collection or exfiltration to external domains was detected. Network activity is limited to standard package management tools fetching legitimate development dependencies.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has an attack surface for indirect prompt injection as it processes user-provided inputs (project names) that directly influence the execution of shell commands.
      • Ingestion points: Project name argument in scripts/init-artifact.sh and directory context in scripts/bundle-artifact.sh.
      • Boundary markers: None identified; the skill assumes trusted input for the project name.
      • Capability inventory: File system writes, shell execution, global package installation, and asset bundling.
      • Sanitization: None identified; inputs are interpolated directly into bash commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:58 PM