build-resource-pages

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted markdown data to generate production-ready code.
      * Ingestion points: Markdown files located in workspace/[brand]/content/resources/ and the content_architecture.md file.
      * Boundary markers: The skill instructions do not specify any delimiters or warnings to ignore embedded instructions within the source markdown files.
      * Capability inventory: The skill has the capability to read local files, discover the project structure via shell commands, and write significant amounts of frontend code to the repository.
      * Sanitization: No mention is made of sanitizing or validating the markdown body for malicious instructions before using it to influence code generation.
  • [COMMAND_EXECUTION]: The Phase 1 discovery workflow requires the agent to execute shell commands to identify the framework, styling tokens, and routing patterns of the client codebase.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 02:42 PM