The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted source code from the project to generate component documentation and design tokens.
Ingestion points: The agent scans files in directories such as src/components/, app/components/, and styling configuration files like tailwind.config.ts.
Boundary markers: No delimiters or instructions are provided to the agent to help it distinguish between its primary instructions and potential malicious instructions embedded within the codebase.
Capability inventory: The skill has access to Bash, Write, and Edit tools, which could be abused if the agent is tricked into following instructions hidden in code comments or project documentation.
Sanitization: There is no evidence of sanitization or filtering of project content before it is processed for description generation.
[COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment checks and install necessary software for visual verification.
Evidence: Execution of npx playwright --version, npm install -g playwright, and npx playwright install chromium.
[EXTERNAL_DOWNLOADS]: The skill downloads the playwright framework and associated browser binaries from official Microsoft-maintained registries.

init