feature-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands for running test suites (such as Jest), linting tools (ESLint/Prettier), and type checking (TypeScript) to ensure code quality and correctness.
- [DATA_EXFILTRATION]: The skill utilizes Supabase MCP to execute SQL queries. This is used as a validation mechanism to verify that database operations correctly reflect the implemented business logic.
- [REMOTE_CODE_EXECUTION]: Employs Playwright MCP to perform automated browser testing against a local development server (http://localhost:3300) to verify user interface behavior and acceptance criteria.
- [PROMPT_INJECTION]: Includes defensive instructions and references to external guardrail protocols (specs/GUARDRAILS.md) to maintain the agent's focus and ensure compliance with project safety rules.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from feature specification markdown files which could potentially contain malicious instructions. This risk is mitigated by a strict, multi-step TDD workflow and frequent reporting to the user.
- Ingestion points: Reads project requirements and technical designs from the specs/features/ directory.
- Boundary markers: Relies on specific markdown headers like "验收标准" (Acceptance Criteria) to identify valid task data.
- Capability inventory: File writing, shell command execution for testing, SQL execution via Supabase MCP, and browser automation via Playwright MCP.
- Sanitization: Relies on the structured "Red-Green-Refactor" loop and human-in-the-loop confirmation steps to validate generated code before completion.
Audit Metadata