The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references template source code located in the vendor's official GitHub repository (raw.githubusercontent.com/GovTechSG/). These are legitimate resources used to implement the design patterns described in the skill.
[COMMAND_EXECUTION]: The skill provides instructions for standard development operations, such as using curl to fetch template files and npm to install the well-known ECharts library.
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it processes user-provided instructions to generate UI templates. However, the provided skill files do not include exploitable capabilities such as dynamic code execution or file system modification. 1. Ingestion points: User requests for specific page templates (e.g., in SKILL.md). 2. Boundary markers: Not explicitly defined for user input interpolation. 3. Capability inventory: No high-risk capabilities such as subprocess calls or file-write operations are present in the skill files. 4. Sanitization: No explicit sanitization or validation of user-provided content is mentioned.

sgds-templates