
ce-work

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution to manage the development cycle. This includes git operations (branching, pulling, pushing), project-specific test commands (e.g., npm test, pytest), and GitHub CLI (gh) commands for pull request management. These commands are executed within the local development environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to read an external work document or plan (provided via arguments) and systematically execute the tasks described within it. A malicious input document could contain instructions formatted as tasks that might lead the agent to perform unintended or harmful actions during the implementation phase.
      • Ingestion points: The skill reads the input document from #$ARGUMENTS in SKILL.md.
      • Boundary markers: The input is wrapped in <input_document> tags, which provide some structure but do not prevent the agent from following instructions contained within the tags.
      • Capability inventory: The skill has access to shell execution (bash), git management, browser automation (agent-browser), and network-enabled skills (imgup).
      • Sanitization: There is no explicit sanitization or validation of the tasks extracted from the input document before execution.
  • [DATA_EXFILTRATION]: The workflow includes a step to upload UI screenshots to external third-party image hosting services (such as Pixhost, Catbox, or Imagebin) using the imgup skill. While this is intended for providing visual context in pull requests, it involves transmitting data from the local environment to external services that are not on the standard whitelist.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 06:10 AM