ln-522-manual-tester
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates bash and Puppeteer scripts in the project's tests/manual/ directory, grants them execution permissions via chmod +x, and executes them to verify application functionality. It utilizes the platform's Monitor tool for streaming long-running test output.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes Acceptance Criteria (AC) and research findings to generate executable test scripts. This could potentially be exploited if malicious instructions are embedded in the story documentation.
  - Ingestion points: Acceptance Criteria and research data are ingested from story comments (generated by other skills like ln-521) and project-specific documentation files such as docs/project/infrastructure.md and docs/project/runbook.md.
  - Boundary markers: The skill relies on predefined templates (e.g., template-api-endpoint.sh) to guide the agent during script generation, providing a structural boundary, but it lacks explicit instructions to ignore embedded commands within the AC.
  - Capability inventory: The worker runtime and generated scripts have capabilities including file system access (reads docs, writes scripts/results), permission modification (chmod), and network operations (curl / Puppeteer).
  - Sanitization: The skill documentation does not mention specific sanitization or escaping of the ingested Acceptance Criteria before they are interpolated into the generated shell scripts.
Audit Metadata