NYC

conductor-setup

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): Access to sensitive application secrets. The bin/conductor-setup script symlinks .env and config/master.key from a parent path into the current workspace. While intended for development, this exposes the application's primary encryption keys and environment secrets to any processes running within the agent context.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable dependency installation. The skill executes bundle install and npm install within the setup script. Since these commands fetch external code from public registries based on potentially untrusted project files, they create a risk of supply chain attacks or remote code execution.
  • [COMMAND_EXECUTION] (MEDIUM): Dynamic script creation and execution. The skill creates shell scripts (bin/conductor-setup, script/server), modifies their permissions with chmod +x, and explicitly instructs the agent to execute them for verification purposes.
  • [PROMPT_INJECTION] (LOW): Indirect injection surface. The skill performs automated edits on existing Rails configuration files (sidekiq.rb, cable.yml, etc.) based on their content. A malicious file within a target repository could use specially crafted comments or structures to influence the agent's logic during the update process.
  • Ingestion points: Reads config/initializers/sidekiq.rb, config/cable.yml, config/environments/development.rb, and config/initializers/rack_attack.rb.
  • Boundary markers: None. The agent is instructed to find and replace Redis strings without clear delimiters.
  • Capability inventory: Uses Bash for file creation, chmod, and package managers.
  • Sanitization: None. The skill directly interpolates configuration changes into the files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:06 PM