The Agent Skills Directory

[SAFE]: Static analysis flags for destructive commands in references/testing-strategies.md are false positives. The file contains instructional examples for creating a large dummy file with dd for testing purposes and performing cleanup using rm on those specific temporary files in the /tmp/ directory. No actual destructive system commands targeting root or sensitive paths are present.
[COMMAND_EXECUTION]: The skill extensively documents the use of bash execution via the !command syntax. It explains how to use these commands to gather project context, such as git status or npm test. The instructions include security-focused best practices, specifically recommending the use of the allowed-tools frontmatter field to restrict bash access to specific, safe subcommands (e.g., Bash(git:*)).
[DYNAMIC_CONTEXT_INJECTION]: The skill provides guidance on the !command feature which allows shell command execution at the time a slash command is processed. This is presented as a standard platform feature for dynamic context gathering.
[PROMPT_INJECTION]: The documentation includes validation patterns intended to prevent unintended behavior. It specifically teaches developers how to sanitize user-provided arguments using shell tools like grep to ensure input matches expected patterns before processing, which is a key security mitigation.

command-development