The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes data from various external file formats including Word (.docx), Excel (.xlsx), and CSV. This content is intended to be used within AI prompts, creating a surface for indirect prompt injection. A malicious file could contain instructions designed to hijack the agent's persona or extract information. Ingestion points: Content is read from external files via scripts/convert_formats.py and scripts/parse_formats.py. Boundary markers: System prompts in prompts/test-case-reviewer_EN.md do not use delimiters or instructions to ignore embedded commands. Capability inventory: The skill can write files to the artifacts/ directory and execute local commands via subprocess.call. Sanitization: Extracted content is not validated or sanitized before prompt construction.
[COMMAND_EXECUTION]: Internal scripts utilize subprocess.call to chain conversion and parsing tasks. While the implementation uses list-based arguments to mitigate shell injection, the skill relies on the ability to spawn local processes to perform its core conversion and template-batching functions.

test-case-reviewer-en