The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to run Python scripts (e.g., python .agent/skills/vulnerability-scanner/scripts/security_scan.py .). These scripts are located in external skill directories, creating a dependency on the integrity and existence of those local files.\n- [COMMAND_EXECUTION]: Several validation commands (e.g., lighthouse_audit.py <url> and playwright_runner.py <url>) incorporate a <url> placeholder. This creates a potential command injection surface; if the agent interpolates unvalidated user input directly into the shell command string, it could allow for arbitrary command execution on the system.

clean-code