team-frontend-debug

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted data from external or local web environments without sufficient isolation.
      • Ingestion points: Browser console logs, DOM snapshots, and network request details are retrieved via mcp__chrome-devtools__* tools within the tester, reproducer, and verifier roles.
      • Boundary markers: None identified. There are no explicit delimiters or instructions provided to the analyzer role to ignore or treat embedded instructions within the browser data as non-executable text.
      • Capability inventory: The skill has significant capabilities, including modifying source code (Edit and Write tools used by the fixer role) and spawning subagents (TeamCreate and Agent tools used by the coordinator role).
      • Sanitization: No sanitization or validation logic is present to filter malicious instructions that might be embedded in the UI or console output of a debugged application.
  • [COMMAND_EXECUTION]: The skill utilizes tools for system interaction and file modification that are sensitive if manipulated.
      • Evidence: The coordinator role uses Bash to execute pwd for workspace resolution, and the fixer role uses the Edit tool to apply modifications to the project's source code. While these operations are fundamental to the skill's purpose, they represent the execution of high-privilege operations that could be misdirected if an indirect prompt injection succeeds.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 04:03 AM
Security Audit — agent-trust-hub — team-frontend-debug