automating-api-testing

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_test_suite.py contains a generate_script method that dynamically builds bash scripts and explicitly modifies their file permissions using chmod 0o755 to make them executable. This allows for the creation and execution of arbitrary system commands at runtime.
  • [PROMPT_INJECTION]: The skill is designed to ingest and parse untrusted external data, specifically OpenAPI and GraphQL specifications, as described in SKILL.md (Instruction 1). This creates a surface for indirect prompt injection where malicious instructions embedded in a specification file could influence the agent's actions.
  • Ingestion points: External API specifications (OpenAPI YAML/JSON or GraphQL SDL) are loaded into the agent's context during the parsing phase.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat the specification data as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill is granted access to powerful tools including Bash, Write, Edit, and Grep, which could be abused if the agent's instructions are overridden by malicious data.
  • Sanitization: The instructions do not define any sanitization, validation, or escaping procedures for the content extracted from the API specifications.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 05:27 AM