test-e2e

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to follow instructions provided in an external file (e2e_test_file) without safety boundaries.
    • Ingestion points: The specification file path provided as an argument in SKILL.md.
    • Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded malicious prompts.
    • Capability inventory: The skill has access to Bash, Read, and Glob tools.
    • Sanitization: None; the content is parsed and executed directly as a sequence of actions.
  • [COMMAND_EXECUTION]: The execution process instructs the agent to "Execute the action (navigate, click, enter, etc.)" based on the test specification. When combined with the allowed Bash tool, this creates a risk where a malicious test file could command the agent to run arbitrary shell commands under the guise of test steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 09:18 AM