kata-debug

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local shell commands to manage its state and retrieve configurations. Specifically, it uses find to locate active debug sessions, node to execute a local library script (scripts/kata-lib.cjs), and git for automated commits after a bug is resolved. These operations are core to the skill's functionality but involve interaction with the host environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It accepts user-provided bug descriptions and symptoms via $ARGUMENTS and subsequent questions, which are then interpolated into the prompt of a dynamically spawned subagent. The subagent's prompt uses XML-style tags (<symptoms>, <agent-instructions>) as boundaries, but these are plain text: a symptom report that itself contains </symptoms> followed by its own <agent-instructions> block can close the data section early and supply instructions of its own. There is no sanitization of the user input before interpolation, and no explicit instruction telling the subagent to treat the symptom report as data and ignore any instructions embedded in it.
  • Ingestion points: User input enters via $ARGUMENTS in SKILL.md and subsequent AskUserQuestion calls.
  • Boundary markers: Uses <symptoms> and <agent-instructions> tags to encapsulate data.
  • Capability inventory: Subagents are granted the ability to read project files, form and test hypotheses, and execute shell/Git commands via the orchestrator's framework.
  • Sanitization: No evidence of input sanitization or filtering was found before interpolation into the subagent prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 11:59 AM