The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes various shell scripts (metro.sh, logs.sh, hmr.sh) and system utilities like xcrun to manage the local React Native environment. It also provides a way to evaluate arbitrary JavaScript expressions within the application via cdp-bridge.js eval.
[DATA_EXFILTRATION]: The skill captures and processes application console logs and network traffic. While intended for debugging, this involves handling runtime data that may contain sensitive information if logged by the application.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8).
Ingestion points: Untrusted data from the debugged application enters the agent context via cdp-bridge.js console, cdp-bridge.js network, and cdp-bridge.js tree as described in SKILL.md.
Boundary markers: Subagent prompts lack explicit delimiters or instructions to ignore potential commands embedded in the captured application data.
Capability inventory: The skill is granted Bash, Read, and Agent tools, which could be exploited if an injection occurs.
Sanitization: There is no evidence of sanitization or validation of the ingested logs or network data before processing by subagents.

debug