The Agent Skills Directory

[SAFE]: The skill follows secure design principles by implementing a mandatory 'confirmation phase' where the user must approve a technical interpretation before the agent performs any code edits or command executions.
[COMMAND_EXECUTION]: Shell command usage via 'Bash' is restricted to standard validation tasks (typecheck, test, build) as part of the intended QA workflow.
[DATA_EXPOSURE]: No evidence of hardcoded credentials or unauthorized data access was found. The skill uses a local .hypercore/qa/ directory to maintain session state for its flow-tracking mechanism.
[PROMPT_INJECTION]: Analyzed the attack surface for indirect prompt injection given the ingestion of untrusted stakeholder requests:
Ingestion points: External messages from Slack, Jira, or email are processed as primary inputs to the analysis phase in SKILL.md.
Boundary markers: The skill uses a structured 'Candidate Presentation' format to isolate the agent's interpretation from the raw input, though it lacks explicit input delimiters.
Capability inventory: The skill has access to Edit/Write for code changes and Bash for validation commands.
Sanitization: No automated sanitization is specified; however, the mandatory human review of candidates provides a robust mitigation against adversarial instructions hidden in requests.

qa