The Agent Skills Directory

[DATA_EXFILTRATION]: The skill captures usage metadata and sends it to a remote endpoint using curl. This telemetry behavior is documented, and the skill includes a logic flow to request user consent before any data is transmitted externally. The telemetry destination is a variable retrieved from the platform's local configuration.
[COMMAND_EXECUTION]: The skill executes shell commands via bash script blocks to manage local configuration files and telemetry logs within the user's home directory. These operations are used for tracking skill performance and maintaining state across sessions.
[PROMPT_INJECTION]: The skill processes project-specific 'brand.md' files as a source of truth for design decisions, which creates a surface for indirect prompt injection. Ingestion points: Reads brand.md from the project root (SKILL.md). Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the brand file. Capability inventory: The skill can execute bash commands for telemetry and local file management (SKILL.md). Sanitization: Absent; external content from the brand file is not validated or sanitized before processing.

frontend-design-guidelines