systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script `find-polluter.sh` which executes `npm test` on local files to identify which test causes state pollution. This is a standard debugging utility.
- [DATA_EXPOSURE]: The instructions in `SKILL.md` provide examples of diagnostic instrumentation, such as checking environment variables and keychain identities (`security list-keychains`). While these are presented as examples for debugging signing or configuration issues, they demonstrate how the agent might access sensitive metadata during a troubleshooting session.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze potentially untrusted external data, such as stack traces, build logs, and error messages from the environment. This creates a surface for indirect prompt injection where malicious instructions could be embedded in logs or code being debugged.
  - Ingestion points: Error messages, stack traces, and log files analyzed during Phase 1 (Root Cause Investigation).
  - Boundary markers: None explicitly defined for isolating untrusted log data.
  - Capability inventory: File system access, shell command execution (`npm`, `find`, `security`), and the ability to write diagnostic code.
  - Sanitization: The skill does not prescribe specific sanitization for data extracted from error logs before analysis.
Audit Metadata