The Agent Skills Directory

EXTERNAL_DOWNLOADS (SAFE): The skill recommends installing common, well-known development libraries (pytest-bdd, behave, and @cucumber/cucumber) from official public registries (PyPI and npm). These are trusted sources for software testing frameworks.\n- COMMAND_EXECUTION (SAFE): The guide provides instructions for executing standard test runners like pytest, behave, and cucumber-js. These commands are within the expected functional scope of an automation skill and do not involve unauthorized system access or privilege escalation.\n- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes user-supplied feature requirements to formulate Gherkin specifications. (1) Ingestion points: User requests for feature definitions (SKILL.md Phase 1). (2) Boundary markers: Uses Gherkin keywords (Given, When, Then) as structural delimiters. (3) Capability inventory: File writing and test execution commands. (4) Sanitization: User input is transformed into structured Gherkin text, preventing direct instruction leakage into the execution layer.\n- PROMPT_INJECTION (SAFE): The 'AI Red Flags' section in the skill body provides procedural guardrails for the agent to ensure process integrity (spec-first approach), which is a safety best practice for BDD automation.

bdd-practices