web-prototype

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as described, using standard tools for browser automation and local project scaffolding. No signs of data exfiltration or malicious intent were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
      • Ingestion points: External web content is ingested via 'mcp__Claude_in_Chrome__read_page' and 'WebFetch' (SKILL.md).
      • Boundary markers: No specific delimiters or warnings against embedded instructions in the source content are defined.
      • Capability inventory: The skill performs file system writes and shell execution ('npm install', 'npx tsc') to build and verify the prototype (SKILL.md, references/project-scaffold.md).
      • Sanitization: There is no explicit sanitization or filtering of the extracted DOM content before it is used to generate React components.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:47 PM