The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The scripts process external HTML and CSS files. Malicious instructions embedded in comments or selector names within these files could attempt to influence the agent's behavior or reasoning when it processes the validation reports.
Ingestion points: File content is read via Path(filepath).read_text() in scripts/check_touch_targets.py and scripts/validate_mobile_first.py.
Boundary markers: None identified.
Capability inventory: The scripts have no network access, file-write capabilities, or arbitrary code execution; they only output analysis to stdout.
Sanitization: None, though the script logic primarily extracts numeric values and specific CSS/HTML patterns, which limits the payload potential.
[Implementation Security] (LOW): The regex used for HTML tag parsing in scripts/check_touch_targets.py (line 101) is potentially vulnerable to Regular Expression Denial of Service (ReDoS) when processing extremely large or specifically malformed files with unclosed tags.
[Data Exposure] (LOW): The scripts accept a file path as a command-line argument and read its full content. While no exfiltration mechanism exists, the tool could be used to expose sensitive file content to the agent if the agent is tricked into analyzing non-code files.

mobile-first-designer