design-md
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads HTML source code and visual screenshots from URLs provided by the Stitch MCP server (specifically htmlCode.downloadUrl and screenshot.downloadUrl). These resources originate from the Google-owned Stitch service, which is recognized as a well-known and trusted source.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests and parses untrusted external HTML content to synthesize design documentation without explicit instructions to ignore embedded commands or use boundary markers.
  * Ingestion points: The skill uses web_fetch or read_url_content to retrieve user-controlled HTML source code from projects.
  * Boundary markers: Absent. There are no instructions or delimiters provided to the agent to distinguish between design data and potentially malicious instructions within the analyzed assets.
  * Capability inventory: The skill possesses capabilities for network retrieval, MCP tool execution, and local file creation (DESIGN.md).
  * Sanitization: Absent. The skill logic does not include validation or filtering of the retrieved content before synthesis.
Audit Metadata