saccoai-product-builder
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It analyzes external websites and applications using agent-browser and processes the retrieved content (UI structure, text, and API patterns) without explicit delimiters or safety instructions to ignore embedded malicious prompts.
- Ingestion points: External application URLs processed via agent-browser in SKILL.md and analysis-playbook.md.
- Boundary markers: None specified in the instructions for content ingestion.
- Capability inventory: Shell execution (Bash), file system writes, and deployment operations via Vercel CLI specified in SKILL.md.
- Sanitization: No sanitization or validation of the retrieved content is mentioned before processing.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx ai-elements@latest`, which fetches a package from the npm registry during the implementation phase.
- [REMOTE_CODE_EXECUTION]: The skill executes remote code via `npx ai-elements@latest` to generate AI-driven UI components.
- [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to execute system-level commands, including browser automation, npx package execution, and Vercel CLI operations (`vercel link`, `vercel env pull`, `vercel deploy`) for environment management and deployment.
- [DATA_EXFILTRATION]: The skill instructions specify that the agent should ask the user for credentials when analyzing authenticated applications. While requested transparently, this sensitive information is then processed within the agent's context and automation tools. Additionally, the analysis playbook instructs the agent to capture network traffic, including request payloads and authentication mechanisms like JWTs or cookies, which could lead to accidental exposure of session secrets.
Audit Metadata