qa-expert

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes 'Master Prompts' in references/master_qa_prompt.md and references/llm_prompts_library.md that employ persona adoption ('senior QA engineer with 20+ years of experience at Google') and imperative directives ('CRITICAL INSTRUCTIONS', 'MANDATORY RULES') designed to hijack agent behavior and bypass default constraints.
  • [COMMAND_EXECUTION]: The onboarding guide in references/day1_onboarding.md contains explicit instructions to achieve persistence on the host system by modifying shell profile files such as ~/.bashrc and ~/.zshrc to include persistent environment variable changes.
  • [REMOTE_CODE_EXECUTION]: The skill directs users to execute commands like git clone and pnpm install from unverified external sources in references/day1_onboarding.md, which can lead to the execution of malicious code during the environment setup process.
  • [PROMPT_INJECTION]: The autonomous execution workflow establishes an indirect prompt injection surface by instructing the agent to read and 'execute all steps exactly as documented' from external Markdown files (e.g., 02-CLI-TEST-CASES.md). This process lacks sanitization, validation, or boundary markers, allowing a compromised test case file to execute arbitrary system commands via the agent's available tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 06:24 PM