skills/borkweb/skills/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web applications while possessing file-write and command-execution capabilities.
      • Ingestion points: The agent navigates to and reads content (HTML, scripts, API responses) from user-provided or auto-detected URLs via a headless browser.
      • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions embedded within the target website's content.
      • Capability inventory: The skill uses Bash, Write, Edit, and Glob tools, allowing it to modify source code, commit to git, and execute shell scripts.
      • Sanitization: No sanitization or validation of the web content is performed before the agent uses it to make decisions about code modifications or command execution.
  • [COMMAND_EXECUTION]: The skill executes shell commands for repository management and environment checks.
      • Executes git diff, git log, git add, git commit, and git revert to manage the bug-fixing lifecycle.
      • Runs a local setup script: bash "$CLAUDE_PLUGIN_ROOT/scripts/clean-tree-check.sh" to verify the state of the workspace.
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes regression tests as part of the bug-fixing loop. It studies existing test patterns and creates new test files which are then executed using local test runners to verify fixes.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 07:25 AM