workflow-lite-test-review

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various local shell commands to facilitate its workflow, including Git for change detection, a vendor-specific CLI tool (ccw), and standard test runners such as npm test, pytest, cargo test, and go test based on the detected project environment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data and interpolating it into prompts for a CLI tool and a sub-agent.
  • Ingestion points: The skill reads project plans (plan.json), individual task definitions (.task/*.json), project source code, and the raw output of test failures.
  • Boundary markers: While the skill encloses ingested data in Markdown backticks within its prompts (e.g., in the test-fix-agent instructions), it gives the agent no explicit instruction to treat that content as data and to disregard any instructions embedded in it.
  • Capability inventory: The skill has access to powerful tools including shell command execution (Bash), delegation to other agents (Agent), and direct file modification (Write, Edit).
  • Sanitization: No sanitization or validation of the ingested content is performed before it is passed to the sub-agent or the ccw CLI tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 04:03 AM
Security Audit — agent-trust-hub — workflow-lite-test-review