ln-522-manual-tester

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill creates persistent bash scripts in the project's tests/manual/ directory and programmatically grants them execution permissions using chmod +x. It then executes these scripts to perform API and UI testing.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection. It ingests data from external "Stories" (e.g., from Linear) and project documentation (infrastructure.md, runbook.md) to define the logic of executable scripts. An attacker with the ability to edit these sources could inject malicious shell commands that would be executed in the local environment.
      • Ingestion points: Story Acceptance Criteria (Linear), docs/project/infrastructure.md, and docs/project/runbook.md (SKILL.md Phase 1 & 2).
      • Boundary markers: None; data from external sources is interpolated directly into bash script templates.
      • Capability inventory: File system write access, execution of generated scripts, network requests via curl, and system-level container management via docker compose.
      • Sanitization: No sanitization or escaping is performed on the ingested AC content before it is placed into the script templates.
  • [DATA_EXFILTRATION]: The skill accesses sensitive project configuration files containing port allocations and service endpoints. It collects responses from local API calls (which may contain sensitive data) and transmits them to the Linear platform. While this is the intended purpose, it establishes a pathway for data transfer to an external domain.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 08:11 AM