skills/pedronauck/skills/qa-execution/Gen Agent Trust Hub

qa-execution

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions direct the agent to read repository documentation, root instructions, and CI files to determine the 'QA contract'. This creates a surface for indirect prompt injection, where a malicious repository could include instructions in its README or config files to hijack the agent's behavior.
      • Ingestion points: SKILL.md instructs reading repository docs, root instructions, and CI/build files in Step 1.
      • Boundary markers: None identified in the instructions to separate untrusted repository content from agent instructions.
      • Capability inventory: The skill has broad capabilities to execute shell commands, interact with the file system, and perform browser-based testing.
      • Sanitization: No sanitization or validation of the content read from the repository is specified.
  • [COMMAND_EXECUTION]: The skill is designed to dynamically discover and execute shell commands for installation, building, and testing (e.g., make, npm, pytest, cargo). While this is the intended purpose, it means the agent will execute whatever commands are defined in the repository's configuration files.
      • Evidence: scripts/discover-project-contract.py parses files like Makefile and package.json to extract command strings which the agent then executes.
  • [EXTERNAL_DOWNLOADS]: The skill automates dependency installation via ecosystem-standard package managers. This involves fetching and installing third-party code from external registries.
      • Evidence: scripts/discover-project-contract.py suggests commands like npm install, pip install -r requirements.txt, and go mod download.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:33 AM