developer-toolbox

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): Multiple agents are equipped with the 'Bash' tool and provide instructions or examples for executing powerful shell commands.
    • Evidence: agents/build-verifier.md contains rm -rf dist && npm run build.
    • Evidence: agents/debugger.md suggests using tcpdump for network analysis and curl for API debugging.
    • Evidence: agents/test-runner.md provides examples for running npm test and other test suites.
    • Note: The severity is downgraded to MEDIUM because these actions are central to the skill's primary purpose as a developer toolbox.
  • PROMPT_INJECTION (LOW): The skill exhibits a significant surface for Indirect Prompt Injection (Category 8) because its core function is processing untrusted data.
    • Ingestion points: agents/code-reviewer.md (source code), agents/debugger.md (stack traces/logs), agents/test-runner.md (source code).
    • Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands within the processed data.
    • Capability inventory: Most agents have Bash tool access; several have Write and Edit capabilities for the filesystem.
    • Sanitization: No sanitization, escaping, or validation of external content is defined in the instructions.
  • PRIVILEGE_ESCALATION (MEDIUM): The debugger agent suggests tools that often require elevated permissions.
    • Evidence: agents/debugger.md references tcpdump, which typically requires root or sudo privileges to capture network traffic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:38 PM