engineering-advanced-skills

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: Multiple tools in the suite, including the git-worktree-manager, release-manager, and ci-cd-pipeline-builder, make extensive use of the Python subprocess module to interact with system utilities and the Git CLI. While necessary for their stated engineering purposes, this gives the suite a significant capability to run shell commands.
  • [COMMAND_EXECUTION]: The autoresearch-agent skill utilizes subprocess.run(shell=True) in its evaluator scripts (benchmark_speed.py, benchmark_size.py, build_speed.py) to execute user-defined benchmarks. This allows for arbitrary shell command execution within the agent's worktree.
  • [PROMPT_INJECTION]: The skill-security-auditor and its associated reference file threat-model.md contain common prompt injection strings such as 'Ignore previous instructions'. These are included as examples of patterns the auditor is designed to detect and are not intended to be interpreted as direct instructions to the agent.
  • [EXTERNAL_DOWNLOADS]: The dependency-auditor skill includes a test project with a package.json file that lists 39 external Node.js dependencies. These are used to test the scanner's ability to identify vulnerabilities and check license compliance.
  • [CREDENTIALS_UNSAFE]: The tech-debt-tracker contains a sample file in its assets directory (src/frontend.js) with a hardcoded placeholder API key. This is explicitly labeled as a 'FIXME' and is used as an example of a technical debt pattern for the scanner to identify.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 11:52 PM