The Agent Skills Directory

[COMMAND_EXECUTION]: The skill employs standard git commands (add, commit, checkout) to manage project state during the implementation workflow. These are appropriate for the skill's stated purpose.
[EXTERNAL_DOWNLOADS]: Instructions include a recommendation to use npx skills@latest add to install secondary helper skills if they are missing. This is a documented feature of the agent's framework and requires explicit user awareness.
[DATA_EXFILTRATION]: Analysis of the workflow logic shows that file modifications are limited to the local project directory (e.g., implementation of features and a progress_*.md log). No network exfiltration patterns or unauthorized data access were found.
[PROMPT_INJECTION]: The skill uses structured instruction sets to maintain an interactive loop with multiple approval gates (e.g., 'Attendere conferma prima di procedere'). It does not attempt to bypass system constraints or override safety filters.

php-tdd-workflow