use-finalrun-cli

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION · DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @finalrun/finalrun-agent package from the npm registry, which is the official tool maintained by the skill author.
  • [COMMAND_EXECUTION]: The agent uses the finalrun CLI to execute diagnostic, validation, and testing commands within the project repository.
  • [PROMPT_INJECTION]: The skill is designed to read and process untrusted data from the repository's .finalrun/ directory, creating a surface for indirect prompt injection.
      * Ingestion points: Files located in .finalrun/tests/, .finalrun/suites/, .finalrun/env/, and .finalrun/config.yaml.
      * Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish ingested file content from system instructions.
      * Capability inventory: The agent has the capability to install global packages and execute shell commands via the finalrun CLI.
      * Sanitization: The instructions do not specify any validation or sanitization of the file content before it is processed by the agent.
  • [DATA_EXFILTRATION]: The skill includes explicit security guidelines for handling sensitive API keys and environment variables, instructing the agent to never guess secrets and to require manual user configuration for credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 11:03 PM