design-system-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its UI Audit mode.
    - Ingestion points: The agent processes untrusted inputs including component code, Figma specifications, and content from live URLs provided by users as described in the Mode 2 protocol of SKILL.md.
    - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded prompts within the provided data, which could lead the agent to obey malicious instructions hidden in code or external pages.
    - Capability inventory: The skill uses Read, Grep, and Glob tools. While it lacks direct code execution capabilities (like bash or python), an indirect injection could still affect the reliability of the design audit or manipulate subsequent agent behavior.
    - Sanitization: There are no validation or sanitization steps implemented to filter untrusted content before analysis against the reference volumes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:24 PM