website-launch-kit

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: (Indirect) The skill presents an attack surface for indirect prompt injection through the ingestion of untrusted data from external websites.
  • Ingestion points: In Phase 2 (references/02-clone.md), the skill uses the agent-browser tool to open user-supplied inspiration URLs and extract HTML and computed styles.
  • Boundary markers: Absent. The instructions do not define delimiters or specific warnings for the model to ignore potential directives embedded within the source site's metadata or text content.
  • Capability inventory: The agent has extensive capabilities, including shell access for tool installation and project deployment (npm, npx, vercel), file system write access for project files and configuration, and network access to external APIs.
  • Sanitization: Absent. The skill extracts raw structural and stylistic data from external DOM elements without filtering or sanitizing the ingested content.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs dependencies from the NPM registry. This includes the agent-browser tool for site scraping and the @zhibinyang/nano-banana-mcp server for image generation. It also triggers a download of a Chromium-based browser for testing during setup.
  • [COMMAND_EXECUTION]: The skill executes several system-level commands to manage the environment and deploy projects. It uses npm install -g for tool setup, claude mcp add to globally register an image-generation server, and sed to update local .env files with user-provided API keys. It also utilizes npx vercel to host the generated landing pages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:10 AM