design-context-extract

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts with user-provided URLs and local project files specifically to extract design tokens (CSS variables, Tailwind themes, etc.). This behavior is consistent with its stated purpose of design auditing.
  • [SAFE]: External dependencies are restricted to the official Google Stitch MCP server, which is a trusted service for design-to-code workflows.
  • [SAFE]: Project file access is limited to UI-related patterns such as tailwind.config.*, tokens.css, and theme.* via the Glob tool, ensuring the agent does not access sensitive system or credential files.
  • [SAFE]: The skill utilizes structured task management (TaskCreate, TaskUpdate) and interactive user prompts (AskUserQuestion) to ensure transparency and human-in-the-loop control over the output format and final recommendations.
  • [PROMPT_INJECTION]: Indirect prompt injection surface analysis:
      • Ingestion points: Untrusted data enters the agent context through WebFetch (content from external URLs) and multimodal analysis (OCR/vision on screenshots).
      • Boundary markers: The instructions do not explicitly define delimiters for untrusted content, but the agent's logic is constrained to extracting specific data structures (JSON tokens).
      • Capability inventory: The agent has access to Bash, Write, and TaskCreate tools, which are necessary for generating design files and managing the workflow.
      • Sanitization: The skill focuses on mapping visual properties to a strict token schema, which inherently limits the impact of embedded instructions in the source material.
      • Note: This surface is a functional requirement of design analysis and does not constitute a vulnerability in the skill's implementation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 06:03 AM