frontend-design

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The qa mode defines several bash commands involving grep and wc to be run against the src/ directory. This creates a surface for command injection or unintended file traversal if the agent executes these commands without sanitizing filenames or directory paths provided by the user.
  • [DATA_EXFILTRATION]: In Step 7, the skill uses mcp__puppeteer__puppeteer_navigate to open local files using the file:// protocol. This capability can be leveraged for Local File Inclusion (LFI) to read sensitive system files if the file path logic is manipulated.
  • [PROMPT_INJECTION]: The skill uses high-pressure, imperative language like "MANDATORY", "No exceptions", and "Hard Rules". These patterns are designed to force the AI to adhere to specific instructions, which can be a technique for overriding safety guardrails.
  • [INDIRECT_PROMPT_INJECTION]: The skill's automated checks and screenshotting features ingest project files and generated HTML without adequate sanitization or boundary isolation.
  • Ingestion points: Files within the src/ and ./proposals/ directories.
  • Boundary markers: No delimiters or safety instructions are used to separate untrusted file content from the agent's instructions.
  • Capability inventory: Shell command execution, local file system navigation via Puppeteer, and screenshot creation.
  • Sanitization: The skill lacks logic to validate or sanitize file contents before they are processed by shell tools or the browser.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 09:37 AM