tutorial-updates
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extracts shell commands directly from '.tape' files and manifest files in the project workspace to validate and record tutorials. Specifically, Step 1.5.4 ('Test Commands Locally') runs extracted commands using 'timeout 5s bash -c "$cmd"', and Step 2.2 ('Process Browser Components') executes commands specified in the 'requires' field of the manifest as background processes.
- [REMOTE_CODE_EXECUTION]: Phase 1.6 ('Binary Rebuild') automatically detects the build system (Cargo or Make) and executes build commands ('cargo install' or 'make build') based on the project source. This results in the execution of code defined within the repository's build configuration.
- [EXTERNAL_DOWNLOADS]: The skill's error handling section recommends installing external dependencies such as 'vhs' and 'playwright' using 'go install' and 'npm install'. These involve fetching code from well-known registries and repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the project workspace (manifests, tapes, specs) with minimal sanitization. Mandatory Evidence Chain: 1. Ingestion points: .manifest.yaml, .tape, and .spec.ts files; 2. Boundary markers: None present; 3. Capability inventory: Bash tool usage, cargo install, make build, background process execution; 4. Sanitization: Only basic filtering of comments and 'clear' commands.