The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing external data.
Ingestion points: Untrusted data enters the agent context via Sentry issue URLs, PostHog error tracking logs, and user-provided error descriptions (SKILL.md).
Boundary markers: The skill lacks explicit boundary markers or 'ignore embedded instructions' warnings when passing external error context to subagents.
Capability inventory: The skill possesses extensive capabilities across all scripts, including subprocess calls (bash, git, docker compose, psql, redis-cli, curl, grep) and advanced browser automation via Chrome DevTools and Playwright MCPs (SKILL.md, references/debug-dispatch.md).
Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded within the Sentry stack traces or logs before they influence the triage and investigation phases.
[COMMAND_EXECUTION]: The skill executes high-privilege system commands to facilitate debugging.
It uses docker compose exec to run database queries (psql) and check infrastructure health (SKILL.md).
It utilizes redis-cli and various build/test tools like tsc, lint, and test scripts defined in package.json.
While these are intended for developer workflows, they grant the agent broad access to the host system and database contents.
[EXTERNAL_DOWNLOADS]: The skill interacts with well-known services and documentation providers.
It queries Context7 MCP for library documentation and interacts with Sentry/PostHog for error analysis. These are recognized as well-known technology services and are documented neutrally per security guidelines.

debug