skills/mgiovani/cc-arsenal/test-suite/Gen Agent Trust Hub

test-suite

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute test, coverage, and linting operations. The specific commands executed are dynamically discovered from the project's own configuration files, such as package.json, Makefile, pyproject.toml, and setup.cfg, during the Phase 0 discovery process.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it relies on untrusted local data to determine its execution flow:
    • Ingestion points: Testing commands and workflow conventions are extracted from local files including CLAUDE.md, package.json, Makefile, and pyproject.toml (Step 0.2).
    • Boundary markers: The skill lacks explicit instructions or delimiters to protect the agent from executing malicious commands that might be placed inside these configuration files by an attacker.
    • Capability inventory: The skill has access to high-impact tools including shell execution (Bash), file modification (Write, Edit), and subagent orchestration (Task).
    • Sanitization: There is no validation or sanitization of the commands discovered in project files before they are interpolated into prompts or executed via the shell.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 08:42 PM
Security Audit — agent-trust-hub — test-suite