generators

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to execute generated Swift scripts and system utilities. For example, the app-icon-generator creates scripts/generate-icon.swift and runs it via the Swift interpreter, and uses sips for image resizing. The screenshot-automation component executes xcodebuild and custom export scripts.
  • [EXTERNAL_DOWNLOADS]: Several generators include instructions or code templates that fetch dependencies from external sources. This includes using brew to install fastlane and swiftlint, as well as adding Swift Package Manager dependencies from well-known repositories.
  • [DYNAMIC_EXECUTION]: The app-icon-generator and screenshot-automation components dynamically assemble Swift scripts based on user preferences and project context, which are subsequently executed to produce app assets and process test results.
  • [INDIRECT_PROMPT_INJECTION]: Components such as feature-flags, announcement-banner, and force-update generate code that ingests data from remote JSON endpoints. This data is used to drive application logic and UI content, creating a surface for indirect injection if the remote source is compromised.
    • Ingestion points: Remote JSON configuration endpoints in RemoteFeatureFlagProvider.swift, RemoteAnnouncementProvider.swift, and RemoteJSONVersionChecker.swift.
    • Boundary markers: Generated code does not consistently implement delimiters or warnings for the processing of this remote data.
    • Capability inventory: The generated networking layer uses URLSession for network operations, and the skill itself possesses Write, Edit, and Bash capabilities.
    • Sanitization: The generated code relies on standard Codable protocol implementations for JSON decoding.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 12:33 PM