The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes a bash script (scripts/fetch-stitch.sh) to fetch HTML files from external URLs. These URLs are provided dynamically by the Stitch toolset. Accessing external content is a necessary part of the skill's function but remains a network boundary crossing.
[COMMAND_EXECUTION]: The skill instructions direct the agent to run npm install, npm run dev, and a local bash script. These commands are used to manage dependencies, start the development server, and execute the download utility.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external HTML content to generate React components. Malicious instructions could be embedded within the design files to manipulate the agent's code generation.
Ingestion points: The scripts/fetch-stitch.sh script downloads external content into temp/source.html which is then processed by the agent.
Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions within the downloaded HTML content.
Capability inventory: The agent has Write permissions to create files and Bash permissions to execute system commands.
Sanitization: No sanitization or validation steps are mentioned for the external HTML content before it is parsed for component generation.

stitch-nextjs-components