feature-image
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform repository analysis and image verification, including `git log`, `git diff`, `git branch`, `ls`, `sips`, and `file`.
- [EXTERNAL_DOWNLOADS]: The skill downloads the Chromium browser using `npx playwright install chromium`. This is a routine operation for the well-known Playwright library to enable automated browser actions.
- [REMOTE_CODE_EXECUTION]: The skill dynamically creates and executes a Node.js script in the `/tmp/` directory to facilitate the screenshot process. While this is part of the core functionality, executing dynamically generated code from templates is a pattern that requires oversight.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from git logs and source code to generate announcement text and UI mockups.
  * Ingestion points: Git history (`git log`), diffs (`git diff`), and various source/config files (`tailwind.config.js`, `.tsx`, `.css`).
  * Boundary markers: None present to distinguish between project data and instructions.
  * Capability inventory: File system writes (`/tmp/`), command execution (`node`, `git`), and network access (Playwright browser download).
  * Sanitization: No explicit sanitization or filtering of the ingested content is performed before it is used to generate UI or text.
Audit Metadata