skills/bigdra50/dotfiles/visual-test/Gen Agent Trust Hub

visual-test

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using grep and sed with variables (e.g., fcu_css_class, $FCU_UXML) extracted from external YAML configuration files. Without proper sanitization, these variables could be exploited to perform command injection or execute malicious sed scripts if the configuration or project files are maliciously crafted.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface (Category 8) by reading and acting upon untrusted project data.
    • Ingestion points: Untrusted data is read from .claude/reference/visual-test/{screen-name}.yaml and various UXML and USS files in the project.
    • Boundary markers: The skill does not define delimiters or instructions for the agent to distinguish between valid data and potentially malicious embedded instructions in the ingested files.
    • Capability inventory: The skill uses Bash (running grep, sed, and u CLI tools), Read, and Agent tools.
    • Sanitization: There is no evidence of sanitization or validation of the paths or strings derived from external files before they are used in high-privilege tool calls.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 05:40 PM