qa-orchestrator

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The assets/install.sh script reads the .claude/settings.local.json file to detect configured MCP tools. This file is highly sensitive as it often contains global agent configurations, API keys, and environment-specific secrets.
  • [CREDENTIALS_UNSAFE]: The skill is designed to read and process .env.qa, a file explicitly intended to store sensitive application credentials, API keys, and authentication tokens for testing purposes, as shown in the references/env-qa.md template.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from external sources—specifically GitHub Pull Request diffs, titles, and bodies, as well as Linear ticket descriptions—and passes this content directly into the prompts of spawned child agents (qa-happy-path, qa-chaos-monkey) without employing boundary markers or sanitization logic to prevent the external content from overriding agent instructions.
  • [COMMAND_EXECUTION]: The orchestrator uses the Agent tool and the mcp__forge__spawn_claude tool (in rules/orch-spawn.md) to dynamically spawn and provide instructions to multiple child agent instances. These agents are granted access to sensitive environment variables and are tasked with executing tests based on potentially malicious external input, which could lead to unintended command execution in the child environments.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 08:18 PM
Security Audit — agent-trust-hub — qa-orchestrator