ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the AI agent to execute shell commands with elevated privileges using sudo for prerequisite installation.
  • Evidence: sudo apt update && sudo apt install python3 in SKILL.md.
  • [COMMAND_EXECUTION]: The Python script scripts/design_system.py implements a file persistence feature that uses unsanitized user-provided strings to construct file paths, leading to potential path traversal.
  • Evidence: In persist_design_system, the page and project_name variables are used to create directories and files via Path joining without validating that the path remains within the intended workspace. This could allow an attacker to write or overwrite .md files in sensitive locations.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing untrusted user queries and possessing file-writing capabilities without proper sanitization.
  • Ingestion points: User-provided query strings in scripts/search.py.
  • Boundary markers: Absent for user-supplied data used in file generation.
  • Capability inventory: File system write access via the persist_design_system function in scripts/design_system.py.
  • Sanitization: Inadequate; the code only performs basic character replacement (spaces to hyphens) on user inputs before using them in path construction.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 1, 2026, 09:55 AM