skills/ypyt1/all-skills/ui-ux-pro-max/Gen Agent Trust Hub

ui-ux-pro-max

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Path traversal vulnerability in the file persistence logic.
      • File: scripts/design_system.py.
      • The persist_design_system function uses the project_name and page parameters to construct directory and file paths with pathlib.Path. These inputs are not sanitized for directory traversal sequences such as ../, which could allow an attacker to write or overwrite files outside the intended design-system/ directory.
  • [EXTERNAL_DOWNLOADS]: Reference to an unverifiable third-party package.
      • File: references/upstream-README.md.
      • The documentation recommends globally installing an external NPM tool, uipro-cli, which originates from a source not recognized as a trusted vendor.
  • [PROMPT_INJECTION]: Insecure handling of untrusted data, creating an indirect injection surface.
      • Ingestion points: User-provided search queries and project names in scripts/search.py.
      • Boundary markers: Absent.
      • Capability inventory: Filesystem write access and directory creation across the project tree via scripts/design_system.py.
      • Sanitization: Punctuation is removed from search queries during indexing in scripts/core.py, but the raw strings used for file persistence and path construction are not sanitized for special filesystem characters.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:38 AM