charmkeeper-tests

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses multipass to launch and manage an isolated virtual machine. Executing commands like multipass launch and multipass exec is a standard way to isolate the test environment from the host system.
  • [EXTERNAL_DOWNLOADS] (SAFE): The setup script installs standard developer tools (tox, astral-uv, concierge) from reputable sources (Snap store, PyPI). Although the source organization (Canonical) is not in the predefined trusted list, it is the maintainer of the Ubuntu ecosystem.
  • [DATA_EXPOSURE] (LOW): The skill mounts the current working directory into the VM using multipass mount. This grants the VM access to project files, which is necessary for testing but could expose sensitive files (e.g., .env, .ssh config) if they exist in the repository root.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads and interacts with repository code and executes tests using tox. This creates an attack surface where malicious instructions in the code being tested could influence agent behavior.
      • Ingestion points: Repository files mounted in /workdir.
      • Boundary markers: None identified.
      • Capability inventory: Command execution (multipass exec), file writing (tox test generation).
      • Sanitization: None.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 08:54 AM