zul-writer

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/validate-zul.py programmatically executes package installation commands (uv pip install lxml or pip install lxml) to ensure its dependencies are met. This is a common automation pattern for developer tools.
  • [EXTERNAL_DOWNLOADS]: The validation script scripts/validate-zul.py retrieves the ZUL XML Schema (XSD) from the official ZK Framework domain (http://www.zkoss.org/2005/zul/zul.xsd) and attempts to download the 'lxml' package from the standard Python package registry.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through the processing of external user data.
      * Ingestion points: User-provided ZUL files and UI mockup images (mockups/screenshots) are read and analyzed by the agent as part of the primary workflow defined in SKILL.md.
      * Boundary markers: No specific delimiters or safety instructions are defined to separate user-provided data from agent instructions.
      * Capability inventory: The skill's scripts perform file system operations and execute shell commands (subprocess.run).
      * Sanitization: No sanitization or filtering logic is present to identify or neutralize potential instructions hidden within the data being processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 11:31 AM