course-builder-incident-forensics

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple system commands including vercel, bun, rg, and node. It specifically runs bun src/index.ts from a local repository and uses node -e to execute inline JavaScript.
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to source .env.production.local. This loads highly sensitive production credentials and secrets (such as database connection strings) into the active shell environment. While a guardrail prohibits printing these secrets, they remain accessible to the agent and any commands it executes.
  • [REMOTE_CODE_EXECUTION]: The skill uses node -e to perform dynamic code execution. The generated script imports the @planetscale/database library and connects to a production database using the environment's DATABASE_URL to perform diagnostic queries.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through log processing. Ingestion points: Axiom queries (axiom query) and Vercel runtime logs (vercel logs). Boundary markers: None provided in the instructions. Capability inventory: Local command execution, file system access, and production database access. Sanitization: No sanitization or validation of log content is performed before the agent processes and interprets the data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 10:32 PM