web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: Deceptive metadata regarding skill authorship. The author field in SKILL.md is set to 'vercel', which contradicts the actual author identity, Charlie85270. This impersonation can lead users to misplace trust in the skill's origin.
- [EXTERNAL_DOWNLOADS]: Fetches external guidelines from a remote source. The skill is configured to download instruction content from Vercel Labs' official GitHub repository, which is a recognized trusted source.
- [PROMPT_INJECTION]: Surface for indirect prompt injection via untrusted data.
  - Ingestion points: Remote guidelines URL (command.md) and user-specified code files.
  - Boundary markers: Absent; no delimiters are used to separate fetched instructions from the base prompt.
  - Capability inventory: File reading and WebFetch capabilities are available to the agent.
  - Sanitization: No validation or sanitization of external content is described before interpolation into the prompt.