canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill uses a 'fake context' injection in the 'FINAL STEP' section, instructing the agent to act as if the user has already provided specific critical feedback: 'IMPORTANT: The user ALREADY said "It isn't perfect enough..."'. This is an attempt to override the actual conversation history and force a specific behavioral state.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to 'Download and use whatever fonts are needed to make this a reality.' This encourages the fetching of external assets from unverified remote sources without domain constraints or integrity checks.
- [COMMAND_EXECUTION]: The skill requires the agent to generate and execute code to create .png and .pdf files. It explicitly tells the agent to 'Go back to the code and refine/polish further' and references calling functions or drawing shapes, which necessitates dynamic code execution within the agent's runtime environment.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists via user-provided conceptual threads.
  1. Ingestion points: 'subtle input or instructions by the user' (SKILL.md).
  2. Boundary markers: None present.
  3. Capability inventory: Code execution and file writing (.pdf, .png) as described in SKILL.md.
  4. Sanitization: No sanitization or validation of the input 'thread' is specified.
Audit Metadata