superval

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the project plans it processes.
    ◦ Ingestion points: Reads instructions and requirements from docs/*-plan.md and build metadata from the .autobuild/ directory.
    ◦ Boundary markers: No specific boundary markers or instruction-ignoring delimiters are defined in the plan parsing logic.
    ◦ Capability inventory: The agent can execute shell commands, generate scripts (bash, python, etc.), run test frameworks, and use curl for network requests.
    ◦ Sanitization: There is no evidence of sanitization or safety validation of content extracted from plans before it is incorporated into executable scripts.
  • [REMOTE_CODE_EXECUTION]: The skill generates and executes code at runtime based on external input.
    ◦ Dynamic script generation: In Phase 7, the skill creates 'outside-in acceptance tests' using requirements and code snippets found in the plan files.
    ◦ Execution: These generated scripts are then executed using system shells or test runners (e.g., bash, expect, npx playwright).
    ◦ Dynamic loading: The skill performs dynamic imports (e.g., await import('./src/index.ts')) to verify exports and wiring, which can lead to arbitrary code execution if module paths are manipulated.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands and subprocesses.
    ◦ System commands: Uses npm run, pytest, go test, and cargo test to execute project quality gates.
    ◦ Internal scripts: Executes the local scripts ./scripts/detect-test-framework.sh and ./scripts/validate-structural.sh for environment detection.
    ◦ Automation tools: Utilizes tools like curl, expect, and accessibility APIs (osascript) to automate user-facing interfaces.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading and installing external packages.
    ◦ Package managers: Commands like npm install, pip check, and npm pack are triggered to verify dependencies and project state.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:41 AM