websocket-integration-testing

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes mcp__serena__execute_shell_command to start a background npm process and execute a local script ./scripts/test-websocket.sh. Running scripts from a local repository can lead to arbitrary code execution if the environment or repository contents are not verified.
  • [DATA_EXFILTRATION]: Includes a hardcoded absolute file path /Users/nick/Desktop/claude-mobile-expo which reveals the author's local directory structure and username.
  • [DATA_EXFILTRATION]: Uses relative path traversal (../../../tmp/test-project/test.txt) in mcp__serena__read_file to access files potentially outside the immediate working directory.
  • [PROMPT_INJECTION]: The skill establishes a connection to a WebSocket server (ws://localhost:3001/ws) and processes messages as if they are system tool outputs, creating an indirect prompt injection surface.
    1. Ingestion points: The continuous message stream from the WebSocket server.
    2. Boundary markers: Absent; there are no instructions to the agent to treat this data as untrusted or to ignore embedded instructions.
    3. Capability inventory: The agent has access to shell command execution and filesystem read/write tools.
    4. Sanitization: Absent; the skill does not specify any validation or sanitization of the JSON messages received from the server before the agent acts upon them.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 22, 2026, 01:20 AM