qa-engineer
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The persona is designed to create and execute shell scripts. The documentation in 'references/README.md' details a workflow where the agent writes test scripts to the 'tests/qa/' directory and executes them using 'chmod +x' and './path/to/script'. While essential for the QA role, this capability allows the execution of arbitrary commands.
- [REMOTE_CODE_EXECUTION]: The skill utilizes network tools such as 'curl', 'grpcurl', and 'httpie'. These tools are used to interact with API endpoints, which could include external or remote services, potentially allowing interaction with attacker-controlled servers or the download of malicious payloads.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of 'beads' (tasks) and source code. If these inputs contain malicious instructions, the agent might execute them as part of its testing or 'self-healing' bug-fixing logic. This is particularly critical as the agent can load the 'coder' skill to apply changes directly.
  - Ingestion points: Task descriptions retrieved via the 'LIST_BEADS' command and project file content during analysis.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions when processing external data.
  - Capability inventory: Local command execution via bash, network operations via curl, and the ability to modify and commit code by loading high-privilege skills like 'coder'.
  - Sanitization: Absent. No sanitization, escaping, or validation of external content is mentioned before interpolation into prompts or scripts.
Audit Metadata