
UX Designer

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from external project requirement documents (PRDs/tech-specs). This could allow an attacker to influence the agent's behavior via instructions hidden within the requirement documents. Evidence:
      1. Ingestion points: Section 'Critical Actions' specifies loading PRD/tech-spec files.
      2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the skill file.
      3. Capability inventory: The skill writes design documents to the file system via the referenced 'helpers.md#Save-Output-Document'.
      4. Sanitization: No sanitization or filtering of external content is specified.
  • Data Exposure (SAFE): The skill accesses project configuration and documents as part of its standard design workflow. No hardcoded credentials, sensitive system path access, or unauthorized network exfiltration patterns were detected.
  • Obfuscation (SAFE): The skill file consists of plain Markdown and YAML frontmatter with no evidence of Base64 encoding, zero-width characters, or homoglyph-based evasion techniques.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 06:44 AM