senior-qa

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data (user project files) and possesses high-impact write/execute capabilities. Malicious instructions inside analyzed files could influence the agent to perform unauthorized actions.
  • Ingestion points: coverage_analyzer.py and test_suite_generator.py take <project-path> or <target-path> as input, reading arbitrary files within those directories.
  • Boundary markers: None identified in the documentation or script usage descriptions to distinguish between code-to-be-analyzed and agent instructions.
  • Capability inventory: The skill explicitly instructs the agent to execute npm run test, docker build, docker-compose up, and kubectl apply -f k8s/. It also generates files via test_suite_generator.py.
  • Sanitization: No evidence of sanitization or filtering of content read from the target project files.
  • Unverifiable Dependencies (MEDIUM): The skill requires running npm install and pip install -r requirements.txt without providing specific versions or hashes, which could lead to the installation of compromised packages if the environment is not strictly controlled.
  • Command Execution (HIGH): The workflow includes execution of complex system-level commands (docker, kubectl, npm) which, if manipulated via prompt injection from the files being analyzed, could lead to full system or cluster compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:25 PM