Full Cycle Developer

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes instructions to perform git operations using authentication tokens embedded in the remote URL (e.g., https://KoshelevDV:$(gh auth token)@github.com/...). This is a dangerous practice that exposes sensitive credentials in process lists, environment logs, and command history.
  • [COMMAND_EXECUTION]: The skill utilizes the cron_create tool to implement a 'dual cron' anti-freeze pattern. This schedules persistent tasks on the host system to poll subagent status and resume the orchestrator session, which qualifies as a persistence mechanism. It also executes various system commands for build and linting processes (git, ruff, cargo) across multiple subagents.
  • [DATA_EXFILTRATION]: The orchestration logic is pre-configured to push code and create issues on specific hardcoded GitHub repositories (user KoshelevDV). If deployed without modification, this could lead to the unauthorized transfer of proprietary code or project metadata to external repositories controlled by the skill author.
  • [EXTERNAL_DOWNLOADS]: The developer and fix subagents are instructed to install dependencies using package managers (pip install, npm run), which involves downloading and executing unverifiable code from public registries based on potentially untrusted project configuration files.
  • [PROMPT_INJECTION]: The skill architecture ingests and reviews arbitrary code and diffs from project repositories through four specialized AI roles. The lack of explicit boundary markers or sanitization for this ingested content creates a surface for indirect prompt injection, where malicious instructions hidden in the codebase could manipulate the subagents' findings or the orchestrator's fix logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 10:15 PM