The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses a bash script scripts/fetch-stitch.sh to download design assets from URLs provided by the Stitch MCP tool. These downloads are required for the skill to retrieve the source HTML needed for conversion to Vue components.- [COMMAND_EXECUTION]: Uses the Bash tool to execute a local script for fetching design data and performs standard project initialization and development commands such as npm install and npm run dev.- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process external HTML content to generate frontend code, which creates a potential vector for malicious instructions embedded in the source design data.
Ingestion points: External HTML data downloaded to temp/source.html and design metadata from Stitch.
Boundary markers: The instructions do not define clear delimiters or specific instructions for the agent to ignore embedded commands within the downloaded HTML.
Capability inventory: The agent has permissions for file system writes, Bash command execution, and network access.
Sanitization: There is no specified logic for sanitizing or validating the contents of the design HTML before it is processed by the AI.

stitch-vue-vant-components