skills/laststance/skills/qa-tui/Gen Agent Trust Hub

qa-tui

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves a legitimate purpose for software testing and follows secure patterns by requiring user confirmation for critical parameters like the application launch command and cleanup procedures.
  • [PROMPT_INJECTION]: The skill processes terminal output from external applications via mcp__shellwright__shell_read. This creates an attack surface for indirect prompt injection, where a malicious or compromised TUI could emit content designed to influence the agent's behavior. However, this risk is mitigated by the skill's intended use as a testing tool and its lack of high-privilege autonomous actions based solely on that output.
    • Ingestion points: Raw terminal buffers are read in multiple phases (Surface Mapping, Visual Scan, Keybind Coverage) in SKILL.md.
    • Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions when reading the PTY output.
    • Capability inventory: The skill utilizes Bash and shell_send, which are standard for its testing function but could be targeted in an injection scenario.
    • Sanitization: The skill does not implement specific sanitization or filtering for the character sequences emitted by the tested TUI applications.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:13 AM