qe-debug-loop

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (findings tagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to 'Run the exact command that shows the bug' and 'Run a REAL command to test' hypotheses, including tools such as sqlite3, grep, and npm test. Autonomous command execution is a core feature of the skill, but it carries the risk of running unintended or harmful commands if the agent's reasoning is compromised.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data to drive its debugging logic.
    • Ingestion points: Data enters the agent context through command outputs, database query results (sqlite3), and file contents (grep), as described in SKILL.md.
    • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the data being analyzed.
    • Capability inventory: The skill has capabilities for subprocess execution (Phase 2), file system modification (Phase 3), and running test suites (Phase 5).
    • Sanitization: No validation or sanitization of external command output is performed before the agent uses that data to form new hypotheses or apply code fixes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 06:42 PM