project-artifact

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [Input Sanitization and Encoding]: The skill explicitly instructs the agent to entity-encode all third-party data (such as PR bodies and issue text) before including it in the HTML page. It also specifically requires escaping the </ sequence within JSON state blocks as \u003c/, which prevents script injection and premature tag termination on the rendered page.
  • [Adherence to Content Security Policy (CSP)]: The skill is designed to work within the Artifact tool's strict CSP, which blocks all external host requests. The documentation emphasizes that all assets must be inlined and no external scripts or stylesheets should be used, minimizing the risk of cross-site scripting (XSS) or data exfiltration via the generated pages.
  • [Data Access and Context]: The skill uses established GitHub CLI (gh) and git commands to pull project status. It treats all fetched content as untrusted data to be summarized, explicitly noting that fetched text should never be interpreted as instructions for the agent to follow.
  • [Stable File Management]: Project configurations and HTML renders are stored in a predictable, persistent directory (${CLAUDE_PLUGIN_DATA}/artifacts/). This allows for consistent updates and prevents the creation of arbitrary files across the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 10:25 AM