distil
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of third-party extensions from unverified sources. In its pre-flight check it suggests installing skills from the GitHub users 'bencium', 'connorads' and 'lobbi-docs' with the 'npx skills add' command. None of these sources appears on the trusted vendor list.
- [REMOTE_CODE_EXECUTION]: The resolution strategy for missing dependencies is to run shell commands that download and integrate external code ('npx skills add ... -g -y'). If the user accepts the installation prompt, code from an unverified origin is fetched and executed on the machine.
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands through subagents to initialise projects, install npm packages and manage a development server. It generates and runs a full Vite/React application, which means executing source code that was created dynamically during the session.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from local files or external URLs and uses that data to drive code generation.
  - Ingestion points: Site specifications are read via the '--spec' flag, and external website content is retrieved via the '--url' flag (WebFetch).
  - Boundary markers: The prompts handed to the code-generation subagents carry no explicit boundary markers and no instruction to treat the ingested data as untrusted, so instructions planted in the source data can be read as part of the task and shape the generated output.
  - Capability inventory: The skill holds powerful capabilities, including file system modification, network fetching and shell command execution, so a successful injection can reach all three.
  - Sanitization: There is no evidence of input validation or sanitization before the external content is interpolated into the subagent prompts that create the '.tsx' files.
Audit Metadata