micro-landing-builder
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the subprocess module to execute external commands. The scripts/deploy_vercel.py script calls the vercel CLI for project deployment and domain management. The scripts/batch_create.py script executes a sibling script, scripts/scaffold.py, to handle project generation tasks. While shell=True is avoided, these operations grant the skill significant control over external tools and the local file system.
- [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection through data processing (Category 8).
  - Ingestion points: Data is read from user-provided CSV and JSON files in scripts/batch_create.py and scripts/scaffold.py.
  - Boundary markers: The skill does not implement delimiters or ignore-instructions to prevent the model from obeying instructions embedded within the metadata.
  - Capability inventory: The skill can create directories, write various project files (TypeScript, JSON, CSS), and execute shell commands.
  - Sanitization: Input fields such as name, concept, and slug are interpolated directly into code templates (e.g., layout.tsx, app.json) without escaping or validation, which could allow a malicious data source to inject code into the generated application.
- [EXTERNAL_DOWNLOADS]: The skill generates projects that depend on an external UI package, @agenticindiedev/ui. Users are responsible for verifying the integrity of generated package.json files and the external dependencies they pull in before running installation commands like npm install.