muapi-url-to-design

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates untrusted user inputs (e.g., url, redesign_style, page_type) directly into the prompts used for image generation tools like gpt4o-text-to-image and bytedance-seedream-v4.5.
  • Ingestion points: Untrusted data enters the agent context through the url, redesign_style, and page_type input fields in SKILL.md.
  • Boundary markers: No boundary markers, XML tags, or delimiters wrap the interpolated variables in the prompt strings (e.g., "Professional UI/UX redesign of a {{page_type}} for the website at {{url}}"), so instructions embedded in those inputs are indistinguishable from the skill's own prompt text.
  • Capability inventory: The agent has the capability to execute shell commands via the muapi CLI and curl.
  • Sanitization: There is no evidence of input validation or sanitization to prevent an attacker from providing a URL or style that contains malicious instructions intended to hijack the image generation process or the agent's behavior.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the muapi CLI and curl to interact with the api.muapi.ai backend.
  • Command injection risk: User inputs are substituted into the curl data payload and the muapi command arguments. Without proper quoting or escaping, this could lead to command injection if the executing agent does not handle shell metacharacters in the inputs safely.
  • Credential handling: The skill correctly suggests using the environment variable $MUAPI_API_KEY rather than hardcoding credentials, which is a safe practice.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:04 PM
Security Audit — agent-trust-hub — muapi-url-to-design