design-screenshot

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data (screenshots) provided via the $ARGUMENTS placeholder. This data is analyzed by multimodal vision tools (ai-multimodal) to guide the creation of design plans and implementation of code. An attacker could provide a screenshot containing embedded text instructions designed to bypass agent constraints or inject malicious logic into the resulting frontend code.
  • Ingestion points: SKILL.md (via <screenshot>$ARGUMENTS</screenshot>)
  • Boundary markers: Absent. There are no explicit instructions to the vision model to ignore text found within the image that might conflict with system prompts.
  • Capability inventory: The skill can create directories, write files (plan.md, .md phase files, ./docs/design-guidelines.md), and use subagents to implement HTML/CSS/JS code.
  • Sanitization: Not detected. The skill relies on the AI's vision capabilities to interpret the input without a validation or sanitization layer for instructions found within the image.
  • [PROMPT_INJECTION]: The skill uses repetitive, high-emphasis directives such as 'MANDATORY IMPORTANT MUST ATTENTION' and role-play instructions ('ALWAYS REMEMBER that you have the skills of a top-tier UI/UX Designer'). These are characteristic of prompt engineering techniques used to steer agent behavior and override default constraints, though here they appear intended for quality assurance rather than malicious bypass.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:52 AM
Security Audit — agent-trust-hub — design-screenshot