wds-5-agentic-development
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform various shell-level operations, including running development servers, executing test suites via 'npm test', and initiating browser automation sessions using Puppeteer. These capabilities are central to the development workflow but involve significant control over the host environment.
- [REMOTE_CODE_EXECUTION]: The development and environment setup modules (e.g., in 'steps-d/step-02-setup-environment.md') automate the installation of third-party dependencies using package managers like npm. Additionally, the 'Reverse Engineering' module ('steps-r') uses Puppeteer to navigate to and analyze external websites, which involves executing remote JavaScript in a controlled browser instance.
- [DATA_EXFILTRATION]: The 'Analysis' and 'Reverse Engineering' workflows require the agent to read, scan, and map existing local codebase structures and source files to extract patterns and architectural details. While these actions are intended for project understanding, they involve broad read access to the user's local file system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It is designed to ingest and process untrusted data from external websites (during reverse engineering) and existing source code (during analysis). Maliciously crafted content in these sources could attempt to influence the agent's behavior through embedded instructions, although the risk is mitigated by the agent's structured workflow and safety guardrails.