atscript-ui-forms

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a dynamic resolver (@atscript/ui-fns) to transform string annotations into executable JavaScript functions using the new Function constructor.
  • Evidence: As described in references/dynamic-fields.md, annotations such as @ui.form.fn.* and @ui.form.validate are compiled at runtime into functions that produce form logic.
  • Risk: The documentation confirms that this process is not sandboxed and does not use an allow-list, meaning executed code has access to global objects like window and fetch.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect injection because it processes external data and interpolates it into dynamic execution scopes without a security sandbox.
  • Ingestion points: External data is ingested via the :form-data property and user inputs within the form fields (references/forms.md).
  • Boundary markers: Absent; the system does not use delimiters or warnings to prevent the execution of malicious instructions embedded in the data.
  • Capability inventory: The skill possesses the capability to execute arbitrary JavaScript logic through its dynamic annotation resolver (references/dynamic-fields.md).
  • Sanitization: No sanitization or filtering is applied to the input data before it is used within the dynamic function scopes.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and install various external Node.js packages and tools.
  • Evidence: Installation commands in SKILL.md and references/getting-started.md reference packages under the @atscript scope and the use of npx skills for adding capabilities.
  • Context: These resources are part of the primary infrastructure provided by the author to support the skill's functionality.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 13, 2026, 01:08 PM