test-plan-gen

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local scripts (scripts/generate_test_plan.js, scripts/office/soffice.py, and scripts/office/validate.py) to generate and validate files. These operations involve executing Python and Node.js code on the system with user-influenced document paths.
  • [DATA_EXFILTRATION]: The instructions contain a hardcoded absolute path to a specific session directory: /sessions/awesome-blissful-hypatia/mnt/.skills/skills/docx/SKILL.md. Hardcoding session-specific identifiers can lead to information disclosure regarding the host's file system structure or attempts to access data across session boundaries.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and extract data from untrusted Product Requirement Documents (PRDs) provided by users.
      • Ingestion points: User-uploaded PRD or requirements files processed in Phase 2 and Phase 3.
      • Boundary markers: Absent. There are no instructions to use delimiters or ignore potential embedded instructions within the uploaded text.
      • Capability inventory: The skill has access to script execution (Node.js/Python) and file system write operations in the output directory.
      • Sanitization: Absent. The skill extracts content directly into placeholders for document generation without validation or escaping mechanisms.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 16, 2026, 06:26 PM