scoutqa-test

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends installing the @scoutqa/cli package from the npm registry, which is a third-party dependency not included in the trusted vendors list.
  • [COMMAND_EXECUTION]: Instructs the agent to execute shell commands using the scoutqa CLI for web exploration and testing tasks.
  • [CREDENTIALS_UNSAFE]: Suggests providing authentication credentials as plaintext within command-line prompts (e.g., 'TestPass123'), which may result in sensitive data being logged in shell history or exposed to the remote service provider.
  • [PROMPT_INJECTION]: Employs strong instructional markers ('IMPORTANT', 'CRITICAL') to mandate proactive background execution, which could lead to unauthorized automated actions or bypass standard user confirmation workflows.
  • [PROMPT_INJECTION]: The skill ingests data from external URLs, creating a surface for indirect prompt injection. (1) Ingestion points: Website content via the --url parameter in SKILL.md. (2) Boundary markers: Absent; there are no instructions to ignore embedded commands. (3) Capability inventory: Shell command execution via the scoutqa CLI and background task management. (4) Sanitization: Absent; the agent is directed to analyze results without prior validation or filtering.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 07:18 PM