agent-api-stability-sentinel

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use the Bash tool to perform live testing, specifically mentioning the use of curl in the provided JSON output examples to verify endpoint behavior. This encourages the execution of arbitrary shell commands to interact with external services.
  • [DATA_EXFILTRATION]: The instructions mandate making "ACTUAL HTTP requests" to modified endpoints using "real payloads." This behavior introduces a risk where sensitive development data, environment variables, or authentication tokens could be transmitted to external or untrusted endpoints during the automated testing process.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection because its primary function is to ingest and verify data from external API responses.
      ◦ Ingestion points: External data enters the context via WebFetch and Bash (curl) commands executed against modified API endpoints, as defined in SKILL.md under "Live Testing".
      ◦ Boundary markers: The skill does not define delimiters or provide instructions to the agent to ignore or sanitize embedded instructions within the API responses it receives.
      ◦ Capability inventory: The agent is granted extensive capabilities, including Bash execution, Write, Edit, and MultiEdit, which could be exploited if an API response contains malicious instructions.
      ◦ Sanitization: There are no mentioned sanitization or validation steps for the content returned from external network requests before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:13 AM