The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill instructions and examples demonstrate passing sensitive information, such as Xray client secrets and Jira API tokens, directly as command-line arguments (e.g., bun xray auth login --client-secret <secret>). This practice can lead to credentials being exposed in shell history files.
[DATA_EXFILTRATION]: The skill facilitates the transfer of local files and directories to an external endpoint (xray.cloud.getxray.app) via the bun xray run evidence command. While this is a core feature for uploading test results and screenshots, it represents a data exfiltration vector if the agent is prompted to upload sensitive files from the local environment.
[COMMAND_EXECUTION]: The skill executes the bun xray CLI tool via the Bash tool. It accepts user-provided strings for test summaries and definitions, which are then passed to the command-line interface.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests data from external sources, including the Xray Cloud API (via test get or exec get) and local backup files (via backup restore).
Ingestion points: Data enters the agent context through CLI outputs from commands like bun xray test get, bun xray exec get, and when processing files for bun xray backup restore.
Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate retrieved test content from agent instructions.
Capability inventory: The skill has the capability to execute shell commands (Bash), read arbitrary files and directories for evidence uploads, and write to the filesystem via the backup export command.
Sanitization: There is no mention of sanitization or validation of the content retrieved from the Xray API or backup files before it is processed by the agent.
[EXTERNAL_DOWNLOADS]: The CLI communicates with xray.cloud.getxray.app. This is a well-known service associated with the primary purpose of the skill.

xray-cli