bullshit
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands including grep for searching the codebase, curl for verifying local server responses on localhost, and node to trigger build scripts such as build-css.js. These actions are standard for the skill's documented purpose of verifying development fixes.
- [DATA_EXFILTRATION]: Performs network requests via curl restricted to localhost. This is a whitelisted behavior for internal service validation and does not constitute unauthorized data exfiltration.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it ingests untrusted data from external web pages using browser automation tools.
  - Ingestion points: Web page content and accessibility trees via Playwright or Chrome DevTools in Phase 2.
  - Boundary markers: No explicit delimiters are used to separate ingested web content from instructions.
  - Capability inventory: The agent has access to grep, curl, and node.
  - Sanitization: No sanitization of retrieved DOM content is specified.

  This surface is inherent to the skill's primary function and no malicious patterns were detected.