The Agent Skills Directory

[SAFE]: The skill demonstrates high security awareness by implementing defensive patterns against common AI vulnerabilities.
[DATA_EXFILTRATION]: All network activity is restricted to the vendor's official API domain (connect.sivi.ai). Sensitive credentials (API keys) are managed via environment variables sourced from a local .env file, ensuring they are not hardcoded or leaked.
[PROMPT_INJECTION]: The skill includes explicit 'Input Boundary' instructions that command the agent to treat user content strictly as data. This prevents embedded directives in user prompts from being interpreted as instructions. Furthermore, it uses Python's json.dumps() to properly escape user input before it is sent to the API.
[COMMAND_EXECUTION]: Shell script execution is limited to necessary tasks like making API calls and parsing JSON. The skill uses cross-platform compatible bash patterns and relies on built-in tools (curl, python3) rather than installing external dependencies.
[EXTERNAL_DOWNLOADS]: The skill fetches design assets from URLs generated by its own API. It validates that these URLs use the HTTPS protocol and restricts downloads to a local sub-directory within the skill folder.

generate-design