playwright-validation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is explicitly designed to read untrusted data from the repository and interact with external web content, creating a significant attack surface.
      • Ingestion points: Phase 1 (reading changed component files), Phase 2 (reading existing test files), and Phase 3 (navigating to http://localhost:8585).
      • Boundary markers: None. The agent is not instructed to ignore instructions embedded in the data it reads.
      • Capability inventory: Access to git, yarn, and powerful browser automation tools (mcp__playwright__browser_*).
      • Sanitization: None. External content is processed as-is, which could allow an attacker to embed instructions in code comments or HTML to hijack the agent context.
  • COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands including git diff and yarn eslint. These commands operate on the local filesystem and could be exploited if the repository contains malicious configuration files (e.g., a malicious .eslintrc).
  • CREDENTIALS_UNSAFE (LOW): Contains hardcoded default credentials (admin@open-metadata.org / admin). Although these are standard defaults for the OpenMetadata project, hardcoding credentials in instructions is a security risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:18 AM