supabase-project

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions require the agent to read the server/.env.local file to verify and compare the SUPABASE_PROJECT_REF. This action exposes the contents of local environment variables to the agent context.
  • [COMMAND_EXECUTION]: The skill includes a 'Smoke tests' section that directs the agent to execute shell commands such as node ./scripts/check-env.mjs, server dev, and server db:reset. These operations allow the agent to execute arbitrary local scripts and CLI tools within the workspace.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and following instructions from externally-controllable files like server/README.md and server/.create-rn-miniapp/state.json.
      • Ingestion points: The agent is instructed to read state.json, README.md, and server/package.json to determine the diagnostic state and next steps.
      • Boundary markers: The skill does not define explicit boundary markers or provide instructions to the agent to ignore potentially malicious embedded content within these files.
      • Capability inventory: The agent possesses shell execution capabilities through the defined smoke test scripts and the server CLI.
      • Sanitization: No validation or sanitization is performed on the ingested file data before it is used to influence the agent's logic or command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 02:05 AM