The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is designed to run several system-level commands to gather environment and project data.
Evidence: SKILL.md specifies running node -v, git log --oneline, git status --porcelain, git diff, and rg (ripgrep).
Evidence: reference.md includes templates for npx tsc, lsof, kill -9, and rm -rf .next.
[CREDENTIALS_UNSAFE]: The skill explicitly accesses and searches files that typically contain sensitive information.
Evidence: reference.md contains instructions to list .env* files and search for process.env usage in client-side code.
Evidence: SKILL.md reads package.json and version control metadata which may contain sensitive project structure details.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) due to its processing of untrusted external data.
Ingestion points: Step 0 in SKILL.md accepts raw terminal logs and natural-language descriptions from the user.
Boundary markers: There are no explicit delimiters or "ignore instructions" markers used when the agent processes the user-provided log content.
Capability inventory: The skill has extensive capabilities including file system reading (cat/rg), file system modification (rm), process termination (kill), and command execution (node/npx/git).
Sanitization: No sanitization or escaping is defined for identifiers (like FileRef or ModulePath) extracted from untrusted logs before they are interpolated into shell commands like rg.

nextjs-debug