ljg-card
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from URLs, files, or text and interpolates it directly into HTML templates (e.g., assets/long_template.html) using the {{CONTENT_HTML}} or {{BODY_HTML}} placeholders. This HTML is subsequently rendered by a headless browser via Playwright. The lack of sanitization allows for potential script execution or local file access within the rendering context if the input content is maliciously crafted.
  - Ingestion points: Content acquired from user-provided URLs or text in SKILL.md.
  - Boundary markers: Absent; user content is directly injected into templates.
  - Capability inventory: assets/capture.js uses Playwright to render local file URLs and take screenshots.
  - Sanitization: No escaping or sanitization logic is present in the skill instructions or scripts.
- [DYNAMIC_EXECUTION]: The skill dynamically generates temporary HTML files based on user input and system templates, then executes these files by rendering them through a headless browser to generate PNG output.
- [DATA_EXPOSURE]: Several assets (e.g., assets/comic_template.html) contain a hardcoded absolute path (file:///Users/lijigang/.claude/skills/ljg-card/assets/logo.png), which reveals the developer's local system username and project structure.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to run the Node.js capture utility (node capture.js) and install dependencies (npm install playwright).
Audit Metadata