fui-module-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill implements a dynamic script loading mechanism in references/default-function.md via the Loader class and loadScripts function. This allows the application to fetch and execute arbitrary JavaScript from remote URLs at runtime, which is a classic RCE vector if URLs are manipulated.
  • [COMMAND_EXECUTION] (HIGH): The core action engine documented in references/fastproject.md and SKILL.md supports an EXE action key. This is explicitly described as 'Raw JS' execution. This capability allows the agent or the processed metadata to execute arbitrary code within the application context, bypassing structured logic constraints.
  • [PROMPT_INJECTION] (MEDIUM): The SKILL.md file contains a 'Continuous Improvement' section that instructs the agent to 'Update: Modify existing guidelines/references immediately' based on user feedback. This creates a self-modifying instruction loop that can be exploited via indirect prompt injection to rewrite the agent's security protocols or operational rules.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references tools like save_module and publish_module for moving code between local environments and servers. While intended for development, these tools lack explicit validation or restricted target lists in the documentation, potentially allowing unauthorized code exfiltration or ingestion.
  • [INDIRECT PROMPT INJECTION] (HIGH): The skill is designed to process external module.json and script.js files while possessing high-privilege capabilities (network access via ajaxCALL, file operations via publish_module, and code execution via EXE). The lack of sanitization or boundary markers between processed data and the execution engine creates a high-risk surface for indirect injection attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:33 AM