systematic-debugging

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill's core purpose is to ingest and analyze untrusted external data, specifically error messages, stack traces, and log files.
      • Ingestion points: SKILL.md (Phase 1: Read Error Messages), root-cause-tracing.md (Observation of symptoms).
      • Boundary markers: Absent; there are no specific delimiters or instructions to treat embedded text in logs as data rather than instructions.
      • Capability inventory: Execution of diagnostic shell commands (SKILL.md), and test execution via npm test (find-polluter.sh).
      • Sanitization: Absent; the skill does not suggest filtering or escaping content from logs before processing.
  • [Data Exposure] (LOW): In SKILL.md, the instructions recommend 'diagnostic instrumentation' which includes commands like env | grep IDENTITY and security list-keychains. While targeted at troubleshooting code-signing and environment configuration, this pattern involves printing potentially sensitive environment variables and system state to the console/log, which could lead to accidental exposure if the agent's output is captured in insecure logs.
  • [Command Execution] (LOW): The skill includes a bash script find-polluter.sh which dynamically identifies and executes test files using npm test. This is a standard utility for identifying flaky tests or state pollution but represents an active command execution capability within the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM