The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests data from design nodes which could contain malicious instructions. Ingestion points: The skill uses get_tree_summary and get_computed_styles to read design node metadata and content (SKILL.md). Boundary markers: No specific boundary markers or 'ignore' instructions are used for ingested content. Capability inventory: The skill possesses write capabilities including write_html, insert-children, and node deletion (SKILL.md). Sanitization: The instructions do not describe sanitization or validation of the text or styles retrieved from design nodes.
[SAFE]: No signs of direct prompt injection, malicious command execution, or data exfiltration were found in the skill content.

paper-flex