gemini-svg-animator
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an internal instruction conflict that serves as a bypass for its own security policies. The main SKILL.md defines a 'No tags' requirement and claims a security validation edge function exists to enforce it. However, the accompanying references/interactivity-patterns.md and references/prompt-templates.md (Template 7) provide explicit instructions and code for embedding JavaScript within SVGs for 'advanced' interactivity. This inconsistency allows users to prompt for features that lead to the generation of executable scripts, potentially bypassing the skill's intended safety filters.
- [DATA_EXFILTRATION]: The promotion of embedded JavaScript within SVGs introduces a significant XSS (Cross-Site Scripting) vulnerability surface. If the generated SVG is rendered in a web application, an attacker could manipulate the generation process to include malicious scripts capable of stealing session cookies, performing unauthorized actions, or exfiltrating data from the user's browser.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it handles untrusted user data.
  - Ingestion points: The description input field in SKILL.md is the primary entry point for untrusted data.
  - Boundary markers: There are no delimiters or boundary markers (e.g., XML tags, triple quotes) used in the prompt templates within references/prompt-templates.md to isolate user input from system instructions.
  - Capability inventory: The skill produces raw svg_code which can include CSS animations and JavaScript, presenting a high-risk capability when rendered in a browser.
  - Sanitization: While a validation checklist is mentioned in documentation, the presence of templates that violate the primary security rules suggests that the sanitization logic may be either incomplete or easily circumvented by conflicting user requests.