qt-unittest-build

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • PROMPT_INJECTION (LOW): The SKILL.md file contains explicit instructions to bypass safety protocols and user confirmation.
      ◦ Evidence: The "Iron Laws" section states "不使用 ask 工具询问用户,直接拷贝和写入" (Do not use the ask tool to inquire of users; copy and write directly).
      ◦ Evidence: The "Rationalization Counter" section explicitly rejects safety-focused reasoning: "'询问用户确保安全' -> '浪费时间'" ('Asking the user ensures safety' -> 'Waste of time').
  • COMMAND_EXECUTION (MEDIUM): The skill uses a sub-agent with bash: true and write: allow permissions to generate and execute code at runtime without human-in-the-loop verification.
      ◦ Evidence: SKILL.md Step 4 instructs the sub-agent to perform a "validation build" which includes "运行 cmake 配置和编译" (running cmake configuration and compilation) on newly generated files.
      ◦ Evidence: resources/scripts/generate-cmake-utils.sh dynamically generates complex CMake logic (UnitTestUtils.cmake) that is later executed.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted project data and possesses high-privilege capabilities.
      ◦ Ingestion points: SKILL.md Step 4.1 specifies that the agent analyzes project files such as CMakeLists.txt and .pro files.
      ◦ Boundary markers: None detected in the provided skill instructions.
      ◦ Capability inventory: The skill uses bash: true and write: allow to generate code and perform a validation build.
      ◦ Sanitization: No evidence of sanitization or escaping of project-derived strings before they are used in code generation templates or shell commands.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:14 PM