skills/junhyunny/skills/tdd-task/Gen Agent Trust Hub

tdd-task

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands for version control and environment setup.
    • Evidence: The skill executes git commit when the user types "commit" at the end of a task.
    • Evidence: The skill identifies missing technology stacks and provides/executes installation commands (e.g., package managers like npm, pip) to install suggested libraries.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of third-party dependencies from external registries during the stack setup phase.
    • Evidence: Section '새 기술 스택이 필요한 경우' (New Technology Stack Needed) describes suggesting and installing external libraries (Axios, Prisma, JWT, etc.) based on task requirements.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local project environment.
    • Ingestion points: The skill reads session files in .tdd-sessions/, project-wide configuration in ARCHITECTURE.md and CONVENTIONS.md, and scans arbitrary source and test files to infer patterns.
    • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions embedded within the files it reads (e.g., instructions hidden in markdown or code comments).
    • Capability inventory: The skill possesses significant capabilities, including reading/writing/deleting files and executing shell commands, which could be abused if an injection is successful.
    • Sanitization: The skill does not perform sanitization or validation of the content read from files before using it to generate implementation code or determine the next phase of the TDD cycle.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 01:29 PM