Director

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The reference implementation for video conversion in references/playwright-config.md uses the execSync function to execute ffmpeg commands. The code performs string interpolation of the webmPath variable directly into the shell command without adequate sanitization.
      • Evidence: The convertToMp4 and convertToGif functions in references/playwright-config.md use template literals like ffmpeg -i "${webmPath}" ....
      • Vulnerability: The baseName used to construct the path is derived from testInfo.title with only spaces replaced by underscores. If an attacker can influence the test title or feature name (e.g., through a malicious scenario), they could inject shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the system running the Playwright tests.
  • [PROMPT_INJECTION]: The skill's primary function is to interpret user-defined scenarios and persona descriptions to generate executable Playwright scripts, which introduces a surface for indirect prompt injection.
      • Ingestion points: User-provided demo requests, story flows, and persona behavior profiles (referenced in SKILL.md and references/implementation-patterns.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat input scenarios as untrusted data or to ignore instructions embedded within the scenario text.
      • Capability inventory: The agent has the ability to generate and execute browser automation scripts via Playwright and perform shell operations via execSync in its reference helpers.
      • Sanitization: No sanitization or validation mechanisms are described for strings extracted from scenarios and used in code generation or CLI parameters.
  • [EXTERNAL_DOWNLOADS]: The skill includes documentation for setting up a CI/CD environment that downloads external binaries and packages.
      • Evidence: The GitHub Actions workflow in references/playwright-config.md installs ffmpeg via apt-get and Playwright browser binaries via npx playwright install.
      • Context: These downloads target well-known and trusted sources (official Linux package repositories and the Playwright project) and are consistent with the skill's operational requirements.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 01:13 AM