react-19-component-scaffolder
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a 'Write' tool to create and modify files on the local filesystem based on user-provided parameters like 'module_path' and 'route_path'. If the agent does not strictly validate these paths against project boundaries, the tool could be used to perform path traversal and overwrite sensitive configuration files such as '.env', 'package.json', or '.ssh/config'.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is configured to trigger on generic instructional phrases (e.g., 'create a component', 'new page', 'add a form') which are likely to appear in untrusted external data such as pull request descriptions, issue reports, or README files. This could lead the agent to unintentionally scaffold malicious code into the repository.
- [PROMPT_INJECTION]: There is a risk of unsafe data interpolation. The skill substitutes user-controlled input into template placeholders like '{jsx_body}', '{mutation_body}', and '{form_data_extraction}' without sanitization or boundary markers. This allows an attacker to provide malicious code snippets that will be directly written into the application's source code.
- [COMMAND_EXECUTION]: The 'config.json' file allows for interactive overrides of critical deployment paths. If an attacker can influence these configuration values, they can redirect the agent's file-writing operations to arbitrary locations on the host system.
Audit Metadata