The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs the agent to use a CLI tool to install components, which involves downloading and executing code from a community repository.
Evidence: SKILL.md and integration patterns describe the use of npx uitripled to fetch component files from the moumen-soliman/uitripled repository.
Risk: Relying on an unverified community source for executable code poses a potential supply chain risk, as the package is not from a recognized trusted vendor or well-known service.
[PROMPT_INJECTION]: The skill provides components for AI Chat and search interfaces, which represent surfaces for indirect prompt injection.
Ingestion points: AI Chat Interface and Expanding Search Dock components (catalogued in SKILL.md).
Boundary markers: No delimiters or instructions are provided in the documentation to isolate user data from agent prompts when using these components.
Capability inventory: The CLI tool associated with the skill has the capability to write to the file system and access the network.
Sanitization: The documentation lacks evidence of sanitization or validation routines for data processed and rendered by these interactive UI components.

uitripled