ws-dev

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to automatically detect and execute build, test, and lint commands from project configuration files such as package.json, Makefile, Cargo.toml, and go.mod (found in Step 4.1 of SKILL.md).
  • [REMOTE_CODE_EXECUTION]: Execution of arbitrary scripts defined in the local codebase (e.g., npm run build or make test) creates a remote code execution vector if the project repository contains malicious configurations.
  • [PROMPT_INJECTION]: The agent accepts and processes external task_definition and iteration_findings inputs, which could be used to override the agent's constraints or safety guidelines.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
      ◦ Ingestion points: The agent reads untrusted data from project documentation (documentation/*.md), configuration files, and existing source code (identified in Steps 1.2 and 3).
      ◦ Boundary markers: There are no explicit instructions to use delimiters or to ignore instructions embedded within the ingested project data.
      ◦ Capability inventory: The skill has extensive capabilities, including shell command execution (build/test/lint), file system modification (Write/Edit), and the ability to invoke other skills via Task() calls.
      ◦ Sanitization: No sanitization or validation of the content of the ingested files is performed before processing or implementation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 01:33 AM