The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed to process untrusted data such as error messages and stack traces, which are potential vectors for indirect prompt injection. Malicious content within logs could manipulate the agent's analysis or fix generation steps.
Ingestion points: Error information collected in prompts/01-diagnose.md (specifically the Error message, stack trace, and actual behavior fields).
Boundary markers: The diagnostic prompts use structured Markdown sections but do not include explicit instructions to the AI to ignore any embedded commands or instructions found within the logs.
Capability inventory: The skill has access to powerful tools: Bash, Read, Grep, Glob, and AskUserQuestion.
Sanitization: The skill lacks any explicit sanitization, escaping, or validation mechanisms for the ingested error data before it is presented to the model.
[COMMAND_EXECUTION]: The skill is configured with the Bash tool and includes several scripts (scripts/run-test-debug.sh, scripts/run-e2e-debug.sh, scripts/run-typecheck.sh) to execute local tests and checks. This high-privileged access is part of the skill's primary purpose but represents a significant security risk if the agent is influenced by malicious input.

debugger