ui-ux-design-pro

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The generate and search commands ingest untrusted user queries and interpolate them into generated Markdown/JSON files or console output. While this creates a vulnerability surface for downstream agents, the risk is minimal as the skill itself does not execute or evaluate the processed data.
      • Ingestion points: User-provided query and --stack parameters in cli/commands/generate.ts and cli/commands/search.ts.
      • Boundary markers: Input is placed inside Markdown blockquotes in the output files, but no explicit 'ignore embedded instructions' warnings are included.
      • Capability inventory: File writing via fs.promises.writeFile to user-specified paths via the --output flag in cli/commands/generate.ts.
      • Sanitization: No sanitization or escaping is performed on user queries before they are included in the generated output.
  • Data Exposure (SAFE): The skill reads from a local data directory containing public design datasets and does not access sensitive user files, credentials, or environment variables.
  • Unverifiable Dependencies (SAFE): The skill utilizes standard, well-known packages from the NPM registry (Orama, CAC, Chalk) for its core functionality, all of which are managed via a standard package.json and lockfile.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 06:23 PM