autonomous-tests
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data such as git diffs and markdown documentation to build feature maps. This presents a surface for indirect prompt injection, which is mitigated by a mandatory Phase 3 'Plan Mode' that requires explicit user approval of all test suites and commands before execution.
- [COMMAND_EXECUTION]: Includes a setup-hook.sh script that modifies the global Claude Code settings.json file. This script installs safety hooks to ensure user approval is always required for planning and questioning, and configures the model to claude-opus-4-6 to support the reasoning required for test orchestration.
- [DATA_EXFILTRATION]: Employs a 'Safety Phase' (Phase 1) that scans environment variables and configuration files for production indicators (e.g., sk_live_, NODE_ENV=production), aborting execution if production environments are detected to prevent data leakage or accidental modification of production systems.
- [CREDENTIALS_UNSAFE]: Enforces a strict policy against hardcoded secrets, requiring the use of environment variable references for all test credentials and implementing redaction logic to ensure secrets are never exposed in display outputs or generated reports.
- [COMMAND_EXECUTION]: The orchestrator-subagent architecture ensures that all operational tasks, including Docker operations, shell commands, and database seeding, are delegated to isolated subagents rather than being executed in the primary conversation context.
- [DATA_EXFILTRATION]: Implements an 'API Response Security' protocol that automatically scans test outputs for PII, leaked secrets, and internal database identifiers, providing automated classification and regulatory impact analysis (GDPR, LGPD, etc.) for any discovered leaks.
Audit Metadata