generating-test-reports

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill can generate and execute shell scripts at runtime via the generate_script method in scripts/generate_report.py. This method writes a bash script to a file, applies chmod 0o755 to make it executable, and prepares it for execution. While the current implementation does not immediately execute the script within the Python process, the skill is designed to facilitate this workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external test result files (XML, JSON) and interpolates this content into generated reports (HTML, Markdown). There is a risk of indirect prompt injection if an attacker can control the content of test failures or error messages, which are then processed by the agent to generate insights or summaries. The skill lacks explicit sanitization or boundary markers for this untrusted data.
  • [PRIVILEGE_ESCALATION]: The skill performs file permission modifications (chmod 0o755) on dynamically generated scripts in scripts/generate_report.py. This is used to make generated tools executable, which could be abused if the script content is influenced by untrusted input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 12:28 PM