The Agent Skills Directory

[COMMAND_EXECUTION]: The skill automates version control operations as part of its 'Triage & Fix Loop' workflow. It executes shell commands including 'git status', 'git commit', and 'git revert' to manage codebase state and record fixes for low-severity findings.
[EXTERNAL_DOWNLOADS]: Documentation and script headers suggest a pattern of fetching HTML content from external URLs using 'curl' and piping the results into the 'accessibility_auditor.py' tool. This is a standard method for the skill's utility as an accessibility auditor.
[PROMPT_INJECTION]: The skill processes arbitrary data from the web, such as page HTML, console logs, and network responses, creating a potential surface for indirect prompt injection. Adversarial content on target websites could attempt to manipulate the agent's logic during testing. • Ingestion points: 'accessibility_auditor.py' (via stdin), browser DOM capture tools. • Boundary markers: No explicit delimiters or instructions are provided to isolate processed HTML from agent instructions. • Capability inventory: Filesystem access, git repository modification, and browser automation. • Sanitization: The tools perform standard HTML structure parsing but do not filter for adversarial natural language instructions.
[SAFE]: Automated scanner warnings regarding 'curl | python' patterns were identified as false positives. The commands in the documentation and scripts pipe web content into a specific local script ('accessibility_auditor.py') for analysis, which does not constitute execution of remote code as an interpreter script.

qa-browser-automation