The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests project source code and git metadata to inform test generation and execution. This external data is interpolated into prompts for the ccw cli and subagents without explicit sanitization.
Ingestion points: roles/strategist/role.md (via git diff output), roles/generator/role.md (via source file reading), and roles/executor/role.md (via test result analysis).
Boundary markers: Absent; project content is directly embedded in prompts for worker agents and the ccw cli tool.
Capability inventory: The skill utilizes Bash, Write, Edit, Agent, TeamCreate, and TaskCreate tools, which could be misused if instructions are successfully injected into the pipeline.
Sanitization: No explicit filtering, escaping, or validation of the ingested source code is performed prior to prompt interpolation.
[COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment analysis (git diff) and to execute standard test runners like Jest, Pytest, and Vitest. While these are expected behaviors for a testing skill, they involve executing shell commands based on the state and configuration of the project being tested.
[REMOTE_CODE_EXECUTION]: The skill generates and subsequently executes test code. This workflow involves the generator role creating scripts that the executor role then runs via system commands. This creates a potential path for code execution triggered by instructions derived from untrusted project inputs.

team-testing