completeness-validator

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/validate.sh script executes several shell commands to assess project health, including npm start to boot the application and npm test to run the test suite. It also uses background process management to start and subsequently kill the application during smoke tests.
  • [CREDENTIALS_UNSAFE]: The validation logic in scripts/validate.sh and the documentation in references/detection-guide.md describe techniques for reading local .env files to extract sensitive credentials like DATABASE_URL. It attempts to use these extracted secrets to establish live database connections via psql or mongosh to verify connectivity.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes npx to execute various analysis tools such as eslint and tsc. This mechanism can involve downloading and executing packages from the npm registry if they are not already cached locally.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted code and configuration files from the user's project directory.
      • Ingestion points: The entire project directory, including package.json, source code files, and environment configurations (scripts/validate.sh).
      • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present when processing file content.
      • Capability inventory: Full shell execution (npm), file system read/write, and local network requests (scripts/validate.sh).
      • Sanitization: No sanitization or validation of the ingested code is performed before execution or reporting.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 02:45 PM