debug-test

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands including curl and npx playwright using placeholders like [BASE_URL] and [TEST_FILE_PATH]. These parameters are sourced from user input or project configuration files (project-context.md). If these files were to contain malicious shell metacharacters, it could lead to command injection.
  • [DATA_EXFILTRATION]: The skill triggers network requests using curl to check application status. While intended for local development environments, this capability allows the agent to reach external domains if the BASE_URL configuration is modified to point to a remote server.
  • [PROMPT_INJECTION]: The skill processes untrusted data from "Full error output from the test run" and exploration reports. This creates a surface for indirect prompt injection where malicious instructions embedded in a test failure message could attempt to manipulate the agent's behavior.
  • Ingestion points: Reads error output from test runs and exploration markdown files.
  • Boundary markers: None provided in the instructions to separate data from commands.
  • Capability inventory: Includes shell command execution (curl, npx) and file system write access.
  • Sanitization: No validation or escaping of the ingested error output is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 02:08 PM