qa-test

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/with_server.py utility uses subprocess.Popen and subprocess.run to execute shell commands passed in as command-line arguments. Although it parses those arguments with shlex.split, the script is effectively a generic command runner that executes whatever the agent instructs it to run, so an agent that has been manipulated could use it to perform unauthorized actions.
  • [PROMPT_INJECTION]: The skill workflow is centered on reading and processing untrusted data from Jira tickets (specifically the 'For QA' and 'Dev Handoff' sections) and external specification files. This data is used to generate Playwright test scripts and define agent behavior, creating an indirect prompt injection surface.
  • Ingestion points: Jira ticket descriptions, Dev Handoff comments, and specification files extracted via MCP tools or user-provided paths.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill's logic when processing Jira content.
  • Capability inventory: The skill has the capability to write Python/TypeScript files and execute arbitrary shell commands via the with_server.py script and Playwright.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the content ingested from Jira before it is interpolated into test generation prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 11:29 AM