The Agent Skills Directory

[SAFE]: The skill serves as a legitimate code-generation utility for the AiderDesk ecosystem. It facilitates the creation of extension boilerplate (TypeScript files, JSX components, and configuration) using standard template interpolation.
[INDIRECT_PROMPT_INJECTION]: The skill defines a process for generating extension files based on user-provided metadata (name, description, author). While this is an interpolation surface, it is consistent with the primary purpose of a developer tool and does not exhibit malicious behavior. The skill correctly instructs developers to store configuration within the extension directory to maintain data isolation.
[DYNAMIC_EXECUTION]: The documentation and templates describe a system where UI components are rendered from JSX strings using the string-to-react-component library. This is a platform feature of AiderDesk intended to allow extensible user interfaces and is not a vulnerability within the skill itself.
[EXTERNAL_DOWNLOADS]: The skill mentions external dependencies in the context of documentation (e.g., @anthropic-ai/sandbox-runtime) and provides a template for users to add their own npm packages. No specific malicious or untrusted packages are referenced or installed by the skill.

extension-creator