Gen Agent Trust Hub security audit: skill skills/cloudvoyant/codevoyant/ux

Verdict: Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using variables derived from user input. In references/workflows/explore.md, the open command uses {EXPLORATION_SLUG}. In references/workflows/prototype.md, {PROTOTYPE_SLUG} and {PROTOTYPE_DIR} are used in mkdir, npx sv create, and pnpm install. If these slugs are not strictly validated, they could be used for command injection.
  • [COMMAND_EXECUTION]: The allow command in references/workflows/allow.md executes a CLI tool to modify the agent's configuration file (~/.claude/settings.json). This is designed to bypass standard permission prompts for the 'ux' skill, which reduces user control over the agent's environment.
  • [PROMPT_INJECTION]: The style-synthesize workflow in references/workflows/style-synthesize.md visits user-provided URLs and extracts page text using browser automation. This creates a surface for indirect prompt injection, as malicious instructions on an external website could influence the agent's analysis or subsequent actions.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx, pnpm, and pnpm dlx to install and run various packages from npm (e.g., @codevoyant/agent-kit, sv, tailwindcss, shadcn-svelte). It also uses templates that fetch resources from external CDNs including cdn.tailwindcss.com and fonts.googleapis.com.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 03:05 PM
Security Audit — agent-trust-hub — ux