software-engineering-workflow-skill
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Stage 1 Investigation Guide (stages/01-investigation/investigation-guide.md) explicitly authorizes the agent to fetch and execute external code, scripts, and repositories to understand technical issues. This includes 'downloading or cloning external repositories' and 'writing small scripts' from untrusted sources. This behavior allows for the execution of unverified remote code within the agent's environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: The agent ingests untrusted data from user-provided requirement intents, bug report evidence, and external documentation or repositories during Stage 1. Boundary markers: The skill body and guides do not specify the use of delimiters or 'ignore embedded instructions' warnings for this external data. Capability inventory: The agent has access to file system operations, git commands, the 'Speak' tool, and arbitrary shell/script execution. Sanitization: No sanitization or validation logic is defined to inspect ingested data for malicious instructions before processing.
- [COMMAND_EXECUTION]: The workflow involves extensive use of shell commands, including git operations (checkout, merge, push, worktree), system utilities (ripgrep, wc), and any arbitrary commands necessary for 'Investigation' or 'Executable Validation'. This broad authority, combined with the lack of source verification, increases the risk of command injection or misuse.
Audit Metadata