browse-qa
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes specifications from untrusted external sources including Jira, Linear, and GitHub, creating a surface for indirect prompt injection where malicious tickets could attempt to override agent behavior.
  * Ingestion points: Data is retrieved from external systems via MCP tools or the browse tool as specified in SKILL.md.
  * Boundary markers: No explicit delimiters or instructions to disregard embedded commands in fetched data are provided.
  * Capability inventory: The agent has access to Bash for shell execution and Write for file system operations.
  * Sanitization: No sanitization of the fetched specification content is defined before the agent incorporates it into a QA plan.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute browse CLI commands and interact with mobile simulators. These are intended operations, but the command parameters are extracted from external inputs, which could lead to command injection if handled improperly. As a mitigation, the skill instructs the agent to confirm the QA plan with the user before executing any actions.