bugfix

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted bug reports and log data without isolation or verification.
    • Ingestion points: The $ARGUMENTS parameter in SKILL.md accepts external bug descriptions, reproduction steps, and CI logs, which are processed in Step 1.
    • Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when the agent processes the input data.
    • Capability inventory: The skill possesses significant capabilities, including file system search (rg), test execution (npx vitest), and repository modification (git commit).
    • Sanitization: The skill does not perform any sanitization or validation of the input arguments before using them in logic or command execution.
  • [COMMAND_EXECUTION]: The skill executes shell scripts and standard CLI tools using parameters derived from user input.
    • Evidence: SKILL.md instructs the agent to run npx vitest and git log with arguments extracted from the bug report. Additionally, scripts/collect-bugfix-context.sh and scripts/run-targeted-test.sh execute commands like rg and vitest using these external variables. While the scripts use shell quoting, the workflow is vulnerable if the agent is manipulated into passing malicious arguments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 05:48 PM