auto-test-project

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill calls subprocess.run in scripts/verify_skill.py and scripts/verify_all_sessions.py. These calls coordinate internal toolchain steps, such as a syntax check via py_compile or running the verify_test_session.py script. Both use sys.executable with a list argv and do not set shell=True, so arguments reach the child process without shell interpretation, in line with secure coding practice.
  • [DATA_EXFILTRATION]: In scripts/create_test_session.py, a safety guard is implemented to prevent the tool from operating in the system root or the user's home directory by default. This reduces the risk of accidental modification or exposure of sensitive system configuration files. Users must explicitly provide the --allow-unsafe-root flag to override this protection.
  • [EXTERNAL_DOWNLOADS]: The config.yaml and reference documentation mention third-party security and testing tools such as bandit, semgrep, pip-audit, and pydeps. These are listed as recommended dependencies for the project under analysis; the skill does not download or execute them automatically, and no remote-code-fetching pattern is present.
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md include self-correcting constraints and quality thresholds (e.g., minimum issue counts and mandatory B-round checks) designed to prevent the model from generating superficial or incomplete reports. These are internal behavioral guidelines for the AI agent rather than malicious bypass attempts.
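The two patterns the COMMAND_EXECUTION and DATA_EXFILTRATION findings describe, written out as an added, runnable example. This is not the audited skill's own code: function names (is_unsafe_root, check_target, syntax_check, syntax_check_tree), the --allow-unsafe-root flag handling, and the sample files are assumptions that mirror the audit's description, not the skill's source.

```python
"""Added example (not the audited skill's code): a root/home working-directory
guard with an explicit override flag, and a py_compile syntax check invoked via
subprocess.run with sys.executable and a list argv, never shell=True.

Function and flag names are assumptions for illustration.
"""
import argparse
import subprocess
import sys
import tempfile
from pathlib import Path


def is_unsafe_root(target) -> bool:
    """True if target resolves to the filesystem root or the user's home.

    resolve() canonicalises symlinks and '..' components, so '/tmp/../' or
    '~/./' still hit the guard; comparing Path objects avoids trailing-slash
    string mismatches.
    """
    resolved = Path(target).expanduser().resolve()
    if resolved.parent == resolved:          # root: its parent is itself
        return True
    try:
        home = Path.home().resolve()
    except RuntimeError:                      # home directory undeterminable
        return False
    return resolved == home


def check_target(target, allow_unsafe_root: bool = False) -> Path:
    """Return the resolved target, or refuse root/home unless overridden."""
    resolved = Path(target).expanduser().resolve()
    if is_unsafe_root(resolved) and not allow_unsafe_root:
        raise PermissionError(
            f"refusing to operate in {resolved}; pass --allow-unsafe-root to override"
        )
    return resolved


def syntax_check(source: Path) -> int:
    """Compile `source` in a child interpreter and return its exit code.

    sys.executable pins the interpreter that runs this script, and the list
    argv is handed to the OS directly: no shell parses it, so a file named
    "bad; echo pwned.py" is just an oddly named argument, not a command.
    """
    cmd = [sys.executable, "-m", "py_compile", str(source)]
    completed = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return completed.returncode


# Contrast, the pattern the audit confirms is absent: with shell=True the
# string goes through /bin/sh, so metacharacters in `source` become commands.
# subprocess.run(f"{sys.executable} -m py_compile {source}", shell=True)


def syntax_check_tree(root, allow_unsafe_root: bool = False) -> dict:
    """Compile every .py file under root; returns {path: exit code}."""
    base = check_target(root, allow_unsafe_root)
    return {str(p): syntax_check(p) for p in sorted(base.rglob("*.py"))}


def demo() -> dict:
    """Constructed sample input: one valid and one broken module in a temp dir.

    The broken file's name carries shell metacharacters to show they are inert.
    """
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "good.py").write_text("x = 1\n")
        (Path(tmp) / "bad; echo pwned.py").write_text("def broken(:\n")
        results = syntax_check_tree(Path(tmp))
        return {Path(k).name: rc for k, rc in results.items()}


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("target", type=Path)
    parser.add_argument("--allow-unsafe-root", action="store_true")
    args = parser.parse_args()
    for path, rc in syntax_check_tree(args.target, args.allow_unsafe_root).items():
        print(f"{'ok ' if rc == 0 else 'ERR'} {path}")
```

Running demo() returns 0 for good.py and 1 for the broken module; the metacharacter file name is compiled (and rejected for its syntax), not executed. check_target("~") raises unless allow_unsafe_root is set.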
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:10 PM