The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user input via the $ARGUMENTS placeholder. 1. Ingestion point: The issue description is provided via the <issue>$ARGUMENTS</issue> block in SKILL.md. 2. Boundary markers: The input is delimited by XML-style <issue> tags. 3. Capability inventory: The agent has capabilities for shell command execution (python3), git operations (git-manager), and file system modifications (docs-manager and project-manager). 4. Sanitization: No explicit sanitization or filtering of the user-provided arguments is mentioned in the skill definition.
[COMMAND_EXECUTION]: The workflow involves executing a local Python script (search.py) located within the skill's directory structure to analyze UI patterns. This execution is part of the skill's primary diagnostic purpose.

fix-ui