visual-verify

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to dynamically locate and execute a Python script (look_at.py) inside a local plugin cache directory (~/.claude/plugins/cache/edwinhu-plugins/...). The path is constructed at runtime via shell globbing, and the script is then executed with python3.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it renders and interprets visual content that may contain adversarial instructions.
    1. Ingestion points: PNG renderings of Typst documents, Python-generated charts, and Web UI screenshots.
    2. Boundary markers: The vision-related goal templates in references/goal-templates.md do not use delimiters or instructions to ignore text embedded in images.
    3. Capability inventory: The agent can execute shell commands, python3 scripts, and specialized tools such as tinymist and playwright.
    4. Sanitization: There is no evidence that the visual data, or the feedback returned by the vision model, is sanitized or validated before it is used to modify code.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:36 AM