The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it programmatically ingests data from various project-level files to construct prompts for image generation models. If an attacker modifies these source files, they could influence the generated output or the agent's behavior.
Ingestion points: The skill reads from brand-guideline.md, prd.md, 02-campaign-brief-global/output.md, package.json, and README.md (as documented in references/brand-identity-source.md).
Boundary markers: The skill does not use explicit delimiters or instructions to ignore embedded commands within the ingested data.
Capability inventory: The skill can execute Bash commands, write files to docs/design/, and make network requests to the OpenAI API.
Sanitization: No specific sanitization or filtering of the ingested project data is implemented before it is interpolated into prompts.
[EXTERNAL_DOWNLOADS]: The skill connects to the OpenAI API at https://api.openai.com/v1/images/generations to perform its primary function of generating design assets. This is a well-known and expected service for this utility.
[COMMAND_EXECUTION]: The skill uses Bash script logic to check for the presence of environment variables like OPENAI_API_KEY and platform-specific executables like $OD_BIN to determine available features and API tiers during execution.

30-design-master-global