qa-test-planner

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The interactive Bash scripts scripts/create_bug_report.sh and scripts/generate_test_cases.sh use the eval command to process user-provided input. Specifically, the prompt_input function takes raw user input and evaluates it within a string: eval "$var_name=\"$input\"". This pattern is highly susceptible to command injection. An attacker or malicious user could provide input containing subshell expansions (e.g., $(command)) or backticks, leading to arbitrary code execution on the user's system when the script is run.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it is designed to ingest external data from Figma URLs.
    • Ingestion points: Figma URLs are processed in SKILL.md and references/figma_validation.md to extract design specifications.
    • Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded prompts within the design data.
    • Capability inventory: The skill includes Bash scripts capable of file system writes (create_bug_report.sh, generate_test_cases.sh) and has access to the Figma MCP for network-based data retrieval.
    • Sanitization: There is no evidence of input sanitization or validation of the data retrieved from external Figma design files before it is used to generate test cases or bug reports.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 4, 2026, 07:38 AM