qa-test-planner

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function involves processing untrusted user data such as requirements and user stories to generate testing documentation and code. This creates an attack surface for indirect prompt injection where malicious instructions within the source data could attempt to influence the agent's behavior during the generation process.
    • Ingestion points: Feature requirements and user stories processed via the workflows in SKILL.md.
    • Boundary markers: None explicitly enforced within the markdown templates.
    • Capability inventory: Browser navigation and interaction via the Playwright MCP as described in references/playwright_automation.md.
    • Sanitization: The skill includes a 'Security Guidelines' section in SKILL.md that provides explicit instructions for URL navigation safety and input sanitization.
  • [COMMAND_EXECUTION]: The skill facilitates browser automation through the Playwright MCP to validate live UI elements. While this is the intended functionality, it represents a high-privilege capability that could be targeted by indirect prompt injection if the agent is directed to navigate to or interact with malicious external websites.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 10:41 AM