The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The fetch-21st-source.mjs script downloads content from remote URLs provided via command-line arguments and writes them directly to the local filesystem. The script lacks domain validation, allowing the agent to fetch files from arbitrary external sources.
[COMMAND_EXECUTION]: The skill relies on several Node.js scripts (resolve-21st-component.mjs, fetch-21st-source.mjs, build-manual-handoff-template.mjs) to perform automated tasks including network fetching, data parsing, and file writing.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its 'Auto mode' which involves crawling external reference websites. Malicious content on these sites could potentially influence the agent's component mapping or integration logic.
[PROMPT_INJECTION]: The skill processes user-provided handoff files and copied text blocks that contain external URLs and code. This creates an attack surface where instructions embedded in the ingested data could attempt to override agent behavior.
[INDIRECT_PROMPT_INJECTION_VULNERABILITY]:
Ingestion points: External website crawling (Step 1 of Auto Mode) and manual handoff markdown files (21st-handoff.md).
Boundary markers: The skill does not implement explicit boundary markers or instructions to ignore embedded commands when processing crawled site data or user-supplied handoff content.
Capability inventory: The skill has the capability to perform network requests (fetch), write to the filesystem (fs.writeFile), and is instructed to install dependencies found in the resolved components.
Sanitization: While the scripts use basic JSON parsing and regex for metadata extraction, they do not perform security sanitization of the downloaded code or crawled text before integrating them into the project workspace.

21st-dev-components