vally-tests
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Local Command Execution: The skill utilizes subprocess.run in its Python scripts to invoke internal PowerShell and Bash helper scripts. This is part of its design for performing safety linting on generated test cases. These executions are limited to the skill's own local scripts and process data via temporary files rather than direct shell arguments.
- External Data Ingestion: The skill processes user-supplied CSV and Excel files to generate test stimuli, creating a potential surface for indirect prompt injection. Mitigation is built into the workflow through a safety refusal pipeline (scripts/import_corpus.py) that scans ingested content against a documented taxonomy of prohibited patterns. Additionally, the skill uses safe YAML serialization methods to ensure data remains within its defined structure.
- Standard Dependencies: The skill relies on well-known third-party libraries such as openpyxl for spreadsheet processing and pyyaml for YAML handling. These dependencies are standard in the ecosystem and are used for their intended purposes without signs of malicious modification or suspicious usage patterns.