end-to-end-pipeline-verification
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (MEDIUM): The instructions use forceful imperative language ("MANDATORY", "MUST call the Write tool", "Never skip any file", "Always write them fresh") to steer agent behavior. While intended to ensure completeness, this logic discourages the agent from performing safety checks or questioning requests that might overwrite critical system files via path manipulation.
- [Credentials & Data Exposure] (HIGH): The skill's primary function involves managing environment files (`.env.[type]`) and account payloads (`acc_[type].json`). Generating files that typically contain sensitive credentials based on user-provided parameters creates a high-risk surface for credential harvesting or the introduction of malicious configurations.
- [Indirect Prompt Injection] (HIGH): This skill has a significant vulnerability surface for indirect injection.
- Ingestion points: User-provided account types, file paths, pipeline names, and task parameters in Step 2.
- Boundary markers: Absent. The skill does not define delimiters for untrusted data or instruct the agent to ignore instructions embedded in user inputs.
- Capability inventory: The agent is granted the ability to use the `Write` tool to create multiple files and the `Read` tool to load external content.
- Sanitization: Absent. There are no instructions to validate user-provided paths for traversal attacks or to sanitize the content of the generated Robot Framework files.
- [Command Execution] (MEDIUM): The skill generates Robot Framework (`.robot`) files, which are executable scripts. An attacker could provide malicious logic in the user request (e.g., via triggered task parameters) that the agent then interpolates into a test script, leading to unauthorized command execution when the test suite is eventually run.
Recommendations
- AI detected serious security threats