peach-team

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for environment detection, testing, and building, including bun test, bun run build, bun run lint:fixed, and vue-tsc across different module directories.
  • [DATA_EXFILTRATION]: Accesses sensitive paths in the user's home directory, specifically reading ~/.claude/settings.json to verify feature flags and searching through ~/.claude and ~/.agents to locate related skill components.
  • [EXTERNAL_DOWNLOADS]: Utilizes the FigmaRemote MCP to download design data and images from external URLs provided in the figma input parameter.
  • [PROMPT_INJECTION]: Contains a surface for Indirect Prompt Injection (Category 8) due to the ingestion of external data.
      • Ingestion points: Processes database schema files (api/db/schema/*.sql) and external design specifications from Figma URLs.
      • Boundary markers: Absent; the orchestrator does not provide clear delimiters or instructions to ignore embedded prompts when passing these data sources to sub-agents.
      • Capability inventory: High-privilege environment with access to file writing (Write, Edit), shell command execution (Bash), and tool orchestration (Task).
      • Sanitization: No evidence of sanitization or validation for content retrieved from external design sources or local schema files before they are interpreted as instructions by the sub-agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 11:39 PM