visual-explainer

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The generated HTML files load several external JavaScript libraries (Mermaid.js, Chart.js, and anime.js) from the JSDelivr CDN and fonts from Google Fonts.
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution for data gathering, including git operations (git diff, git show, git log), file analysis (wc, ls, grep), and system calls to open the generated files in a browser.
  • [DATA_EXFILTRATION]: The /share command and share.sh script facilitate the upload of project summaries, architecture overviews, and code diffs to Vercel's public hosting service. These deployments can contain sensitive technical information and are public by default.
  • [REMOTE_CODE_EXECUTION]: The share.sh script executes a deployment script located in a different skill's directory (vercel-deploy), representing cross-skill execution of external code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the local project files without robust sanitization or boundary markers.
    ◦ Ingestion points: The skill reads content from project files (README.md, CHANGELOG.md) and git metadata through commands like diff-review and project-recap.
    ◦ Boundary markers: No explicit delimiters are placed around the ingested data, and no instruction tells the model to disregard any instructions embedded in that data.
    ◦ Capability inventory: The skill can write files to the local system and execute arbitrary shell commands.
    ◦ Sanitization: No comprehensive sanitization of the project data is performed before it is interpolated into prompts or the resulting HTML pages.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 04:17 PM
Security Audit — agent-trust-hub — visual-explainer