The Agent Skills Directory

[DATA_EXFILTRATION]: The skill contains troubleshooting instructions in environment-checklist.md that direct the agent to read sensitive local configuration files, including .env.local, .env.test, and supabase/config.toml. It provides specific commands to extract Supabase authentication keys (ANON_KEY and SERVICE_ROLE_KEY) using grep and jq. While intended for local debugging, this represents exposure of sensitive credentials.
[PROMPT_INJECTION]: The skill requires the agent to read application source code (Read src/...) and existing test files to understand implementation details before writing new tests. This creates a surface for indirect prompt injection where malicious content in the source files could attempt to override agent instructions.
Ingestion points: The agent utilizes Read, Grep, and Glob tools to inspect file contents in the src/ and e2e/ directories.
Boundary markers: There are no explicit delimiters or safety warnings instructed for the agent when processing the content of these external files.
Capability inventory: The skill allows the use of the Bash tool for command execution and Write/Edit for file modifications, which could be exploited following a successful injection.
Sanitization: No sanitization or validation steps are defined for handling ingested code content before it is processed by the agent.
[COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool for legitimate but high-capability tasks, such as directory listing, file searching, running Playwright tests with npx, and controlling local Supabase service instances.

e2e-testing