The Agent Skills Directory

[DATA_EXPOSURE]: The skill includes a hardcoded absolute filesystem path in the bun test command: /Users/zbeyens/git/plate/. This exposes a specific username ('zbeyens') and local directory structure, which constitutes a leak of environment-specific information and limits the skill's portability.
[COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands including bun test, pnpm test, and rg (ripgrep). While these are intended for testing and auditing, they grant the agent significant control over the local environment to run arbitrary code and search files.
[INDIRECT_PROMPT_INJECTION]: The skill processes external repository data which could be attacker-controlled.
Ingestion points: Reads source files from packages/**/src/** and coverage reports (lcov.info).
Boundary markers: Absent; there are no instructions to ignore embedded commands or delimiters for processed content.
Capability inventory: Execution of shell commands via bun and pnpm, searching via rg, and writing files to the docs/plans/ directory.
Sanitization: Absent; the skill does not specify validation or sanitization for the data it processes before using it to generate recommendations or reports.

testing-review