interactive-prototype

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches React, ReactDOM, and Babel libraries from the Unpkg CDN. These references use Subresource Integrity (SRI) hashes and target a well-known service, which is a secure practice for remote asset loading in web prototypes.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its core functionality of processing external data to generate code.
      • Ingestion points: User-provided application descriptions, project configuration files (tailwind.config.*, theme.*, tokens.*), and design tokens stored in .claude/design-tokens.json.
      • Boundary markers: The instructions do not specify the use of delimiters or clear warnings to the agent to ignore instructions embedded within the ingested data.
      • Capability inventory: The skill can write files to the local filesystem (artifacts/ directory) and execute local file management commands via Bash(cp:*).
      • Sanitization: No explicit sanitization or validation of the external content is performed before it is interpolated into the generated React components.
  • [COMMAND_EXECUTION]: Uses shell commands for routine development tasks including directory listing (ls), file copying (cp), and opening files (open). These operations are restricted to specific subcommands and are used to manage local prototype assets and their preview environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 02:20 PM