The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the Python subprocess module and shell tools to execute various development utilities such as pytest, git, pylint, flake8, bandit, and mypy. These operations are consistent with its stated purpose of managing test cycles and performing code quality analysis.
[EXTERNAL_DOWNLOADS]: At runtime, the skill fetches documentation, security patterns, and best practices from an external 'Context7' MCP service. It also utilizes well-known dependencies such as Playwright and various Python analysis libraries.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to ingest and parse untrusted project files and git metadata (ingestion points in modules/code-review/core-classes.md and modules/refactoring/ai-workflows.md). Malicious code or comments within these analyzed files could potentially manipulate the AI agent's logic during test generation or command execution (capabilities in modules/static-analysis.md). The implementation lacks explicit data boundary markers or sanitization for these workflows.

moai-workflow-testing