api-test-supertest

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/generate_supertest_tests.py dynamically assembles JavaScript test files by interpolating API endpoint paths and methods directly into string templates. Because these files are subsequently executed by the test runner, a maliciously crafted API definition containing JavaScript escape sequences could lead to arbitrary code execution in the local environment.
  • [COMMAND_EXECUTION]: The shell script scripts/run.sh automates the generation and execution workflow, invoking Python scripts and running npm install and npm test on generated content.
  • [EXTERNAL_DOWNLOADS]: The skill and its included CI templates (github-actions-supertest.yml, Jenkinsfile.supertest) utilize npm install to download dependencies from the public npm registry.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data formats that influence agent-driven code generation.
      * Ingestion points: scripts/parse_api_sources.py ingests various external formats including OpenAPI, Postman, and WSDL.
      * Boundary markers: There are no explicit delimiters or 'ignore' instructions provided to the code generation logic to distinguish data from instructions.
      * Capability inventory: The skill has the capability to write files to disk and execute them via shell commands in scripts/run.sh.
      * Sanitization: The _safe_name function in scripts/generate_supertest_tests.py provides regex-based sanitization for function names, but the API endpoint paths themselves are interpolated into the test logic without sufficient escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 09:00 AM