The Agent Skills Directory

[SAFE]: The skill defines a structured workflow for auditing applications, prioritizing security and performance. It uses standard command-line tools (npm audit, bandit, lighthouse) and follows established security checklists (OWASP Top 10).
[COMMAND_EXECUTION]: The execution protocol utilizes shell commands (curl, npm, python) for the primary and disclosed purpose of verifying application state and running security scanners. These operations are scoped to the development environment and are expected for a QA agent.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data (the user's source code and application responses). While this presents a surface for indirect prompt injection, the skill includes instructions for the agent to remain 'skeptical by default' and focus on technical verification, which aligns with its primary function.

oma-qa