The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill is authorized to use the Bash tool for repository analysis and file searching. While necessary for its core functions, this capability allows for local command execution which could be abused if the agent is compromised by malicious input.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through the processing of external data. 1. Ingestion points: Processes PBI files, test specifications, and repository source code in the /test-spec and /test-cases workflows. 2. Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands in the ingested files. 3. Capability inventory: Includes Bash, Write, and Edit tools, which could be leveraged by an injection. 4. Sanitization: Absent; the skill does not specify any validation or sanitization of content extracted from PBIs or code.

qa-engineer