web-design-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes content from arbitrary external websites and local source files to identify design issues. A malicious website could contain hidden instructions within its HTML, CSS, or text content designed to override the agent's instructions.
  • Ingestion points: Target URLs (via browser_navigate), DOM structure (via browser_snapshot), and workspace source code (via grep_search).
  • Boundary markers: Absent; the prompt lacks specific delimiters or instructions to ignore embedded commands within the data being analyzed.
  • Capability inventory: File system read/write, code search, and browser automation.
  • Sanitization: Absent; there is no evidence of content filtering or validation before the data is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill recommends a reference implementation that uses npx to fetch the @playwright/mcp package from the NPM registry at runtime. This allows for the dynamic loading of the browser automation server.
  • [COMMAND_EXECUTION]: The skill is explicitly designed to modify source code files (HTML, CSS, JSX, Vue, etc.) within the local workspace to resolve detected design problems. These automated write operations are driven by the analysis of external website content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 08:43 PM
Security Audit — agent-trust-hub — web-design-reviewer