doc-testing

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets untrusted documentation to generate executable test steps.
  • Ingestion points: Documentation markdown files (e.g., scripts/sample-docs.md) and user-provided text descriptions.
  • Boundary markers: None; the agent translates natural language instructions directly into JSON action parameters.
  • Capability inventory: Support for runShell (shell commands), httpRequest (API calls), runCode (JavaScript), and saveCookie (file system operations).
  • Sanitization: The included validate-test.js script performs structural and type validation but does not verify the safety or intent of the commands or URLs generated.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands through the runShell action, which is a core feature of the Doc Detective framework.
  • [DATA_EXFILTRATION]: The httpRequest action allows the agent to make network requests, which could be exploited to exfiltrate sensitive information if the agent is manipulated via documentation content.
  • [REMOTE_CODE_EXECUTION]: The fix-tests utility dynamically generates JavaScript code snippets for the runCode action by concatenating strings with values extracted from test failure reports. This process lacks sanitization and could lead to code injection if failure messages are manipulated.
  • [EXTERNAL_DOWNLOADS]: The skill's build process and testing scripts download the doc-detective-common package from npm and reference the official Doc Detective CLI. These are vendor-owned resources consistent with the skill's purpose and do not represent a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:55 AM