datocms-plugin-design-system

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute repository-specific build scripts, such as `npm run build` or `pnpm build`, to verify the implementation of UI changes (SKILL.md, Step 5). This is a standard operation for a development-focused tool.
  • [SAFE]: Multiple reference files (e.g., references/source-map.md, references/foundations.md, references/layouts.md) contain hardcoded absolute file paths from the author's local development environment, such as /Users/marcelofinamorvieira/datoCMS/dev/cms/. These paths are vendor-related metadata left in the documentation and do not pose a direct security risk to the user.
  • [SAFE]: The skill possesses an inherent attack surface for indirect prompt injection because its core function involves processing untrusted local project files combined with command execution capabilities.
    • Ingestion points: The agent is directed to read local codebase files including package.json, component source code, and CSS modules (SKILL.md, Step 1).
    • Boundary markers: No specific delimiters or instructions to ignore potential instructions embedded in the target codebases are provided.
    • Capability inventory: The skill is capable of executing local build commands and performing file-write operations within the project directory.
    • Sanitization: No logic is provided to sanitize or validate the content of the files read from the target repository before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 07:51 AM