bug-fix-lifecycle
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (verify-coverage.js, export-tracker-artifact.js) to validate code coverage and generate tracker-ready artifacts. It also correctly uses the target repository's native testing infrastructure (e.g., npm test, pytest) for defect reproduction and regression verification.
- [SAFE]: The skill follows secure engineering practices by explicitly avoiding the storage of secrets or direct connections to third-party APIs (Jira/Linear). Instead, it generates machine-readable JSON and markdown drafts, so that sensitive integration remains outside the skill's scope.
- [SAFE]: The instructions in SKILL.md promote technical discipline and repository discovery without attempting to bypass model safety filters, extract system prompts, or override agent constraints.
- [SAFE]: The skill identifies a surface for indirect prompt injection (Category 8) as it processes external bug reports and repository code. However, this risk is mitigated by strong boundary markers: the skill mandates the use of specific markdown templates (assets/bug-discovery-template.md) and canonical JSON schemas (schemas/bug-discovery-report.schema.json) for all outputs. Ingestion points include user descriptions and tracker tickets, while capabilities are limited to local validation and reporting, with no unsafe interpolation of untrusted data into executable paths.
Audit Metadata