yao-geoflow-template

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python utility script scripts/serve_preview.py that initializes a local HTTP server using the standard http.server module. This script is intended to facilitate local template previews and is securely bound to the loopback interface (127.0.0.1), preventing external access.
  • [EXTERNAL_DOWNLOADS]: The skill's primary function involves retrieving and analyzing styling tokens from user-provided external reference URLs. This behavior is documented and inherent to its purpose of theme replication.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from both external websites and local project files during the analysis phase.
      • Ingestion points: Untrusted data enters via reference URLs and local project files like index.php and article.php.
      • Boundary markers: Explicit boundaries are defined in SKILL.md and references/template-boundary.md, instructing the agent to preserve GEOFlow's rendering contracts and avoid arbitrary HTML replication.
      • Capability inventory: The skill is capable of reading local files, writing JSON artifacts to an outputs/ directory, and executing a local preview server.
      • Sanitization: The skill workflow prioritizes mapping content to a structured theme package over direct execution or verbatim copying of external site code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 09:22 AM