dkh
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator and evaluator agents execute shell commands for build automation, dependency management, and process control. These include 'bun install', 'bun run dev', 'git fetch', and 'pkill' for managing local development environments. It also uses 'curl' to interact with the vendor's bulk-close API at api.dkod.io.
- [EXTERNAL_DOWNLOADS]: The skill references and uses 'playwright-cli' from Microsoft's official GitHub repository and suggests guidelines from the 'awesome-design-md' project for frontend design tokens. Both are well-known or trusted sources for testing and development resources.
- [DATA_EXFILTRATION]: The skill transmits code changesets and status metadata to the vendor's platform (api.dkod.io) and pushes completed work to GitHub repositories as Pull Requests. This behavior is consistent with the primary purpose of a cloud-integrated development harness.
- [PROMPT_INJECTION]: The skill processes untrusted user prompts and external data files (such as PRD.md or DESIGN.md) to generate executable code. This is an inherent attack surface for indirect prompt injection.
  - Ingestion points: User build prompts, local specification files (PRD.md, DESIGN.md), and dynamic application content extracted during testing (DOM elements, console logs).
  - Boundary markers: The instruction set uses clear section headers and template markers to separate context, but lacks unique cryptographic delimiters to isolate untrusted input within sub-agent prompts.
  - Capability inventory: The system can perform recursive sub-agent dispatch, write code to a repository via MCP, execute shell commands, and interact with the network to push PRs.
  - Sanitization: The skill relies on model instructions for task interpretation; it does not include explicit validation or sanitization steps for ingested design or requirement documents.
Audit Metadata