arn-spark-init

Optional customization tool for greenfield projects. This skill should be used when the user says "greenfield init", "arn spark init", "initialize greenfield", "setup greenfield", "greenfield setup", "start greenfield", "configure greenfield", "set up greenfield", "init greenfield", "greenfield configuration", "review greenfield config", "customize greenfield config", "greenfield settings", "Figma setup", "Canva setup", "add Figma", "add Canva", "design tool setup", or wants to customize Arness Spark configuration, add design tool integrations (Figma, Canva), or review current greenfield settings. Arness Spark auto-configures with sensible defaults on first skill invocation — this init is optional. Design tool integration (Figma/Canva) remains available only through this skill.

80

Quality: 76% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory. Suggest reviewing before use.

Security

1 medium severity finding. This skill can be installed but you should review these findings before use.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.70). The skill explicitly invokes third-party tooling in its required workflow (Step 3.3b: "Attempt to list Jira projects via the MCP tool") and may invoke Figma/Canva MCPs or GitHub/Bitbucket CLIs (Step 3.3/3.4) to read remote project metadata, which are untrusted, user-managed sources that the agent reads and uses to choose issue-tracker/platform settings and downstream actions.

Repository: AppsVortex/arness
Audited
Security analysis
Snyk