skills/outfitter-dev/agents/scenarios/Gen Agent Trust Hub

scenarios

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill provides bash snippets intended for the agent to execute to ensure the .scratch/ directory is gitignored.
      • Evidence: The <gitignore_check> section contains grep -q '.scratch/' .gitignore || echo '.scratch/' >> .gitignore and [ -f .gitignore ] || touch .gitignore.
  • DYNAMIC_EXECUTION (MEDIUM): The primary workflow involves generating and running scripts at runtime.
      • Evidence: The <stages> and <workflow> sections describe a loop of writing scripts to a local directory and executing them to observe system behavior.
  • DATA_EXPOSURE (LOW): The workflow relies on the correct configuration of .gitignore to prevent test scripts containing credentials or sensitive tokens from being committed to version control.
      • Evidence: The <scratch_directory> section explicitly mentions using real database connections and API keys in scripts located in the .scratch/ folder.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes structured data from scenarios.jsonl which could influence agent behavior if the file is modified by an untrusted party.
      • Ingestion points: scenarios.jsonl (File access).
      • Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands within the JSONL fields are defined.
      • Capability inventory: The agent has the capability to write and execute files in the .scratch/ directory and perform network operations via api imports.
      • Sanitization: Absent; the skill does not specify validation or sanitization of the steps or setup fields in the JSONL file.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:35 PM