figma-design-sync

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the agent-browser CLI tool to perform actions such as open, snapshot, and screenshot on user-provided URLs. This is standard functionality for the skill's purpose but involves executing system commands based on external input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from the websites it analyzes.
      • Ingestion points: Untrusted data enters the agent context when agent-browser visits and captures the implementation URL specified in SKILL.md.
      • Boundary markers: Absent; there are no instructions to ignore embedded commands or clear delimiters for the captured web content.
      • Capability inventory: The skill has the authority to perform file-write operations to modify CSS, Tailwind classes, and ERB templates as detailed in the 'Precise Implementation' section of SKILL.md.
      • Sanitization: Absent; the skill does not include steps to sanitize or validate the content of the web implementation before using it to inform code changes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:14 AM