The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute informational shell commands (pwd and ls) within the SKILL.md file. These are used to identify the project root and existing documentation structure to provide context for the AI agent.
[PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection as it processes data from the local codebase (e.g., package.json and project structure) to inform the generation of design documents. 1. Ingestion points: Reads local files including package.json and explores the filesystem via Glob and Grep tools. 2. Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious embedded content in the files being analyzed. 3. Capability inventory: The skill has the capability to write and modify files in the .claude/skills/ directory using the Write and MultiEdit tools. 4. Sanitization: There is no evidence of content sanitization for the ingested codebase data. This surface is considered a low-risk inherent characteristic of codebase analysis tooling.

create-app-design