The Agent Skills Directory

[PROMPT_INJECTION]: The skill passes user-provided input via the $ARGUMENTS variable into the /workflows:work command. This establishes an indirect prompt injection surface where untrusted data could potentially influence the agent's logic during the task loop or browser verification phase.
Ingestion points: $ARGUMENTS variable in SKILL.md.
Boundary markers: None present to delimit user input from instructions.
Capability inventory: Browser interaction (test-browser), version control/changeset management (/changeset), and review processes.
Sanitization: No sanitization or validation of the arguments is performed before execution.

work