ci-cd-and-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill directs the agent to ingest and process raw failure output from CI pipelines (SKILL.md). This data is untrusted as it can be influenced by external factors like malicious dependencies or test scripts.
  1. Ingestion points: CI failure logs pasted into agent context.
  2. Boundary markers: Absent in the suggested prompts.
  3. Capability inventory: The agent is empowered to execute shell commands like 'npm run lint --fix' and perform file modifications to 'fix' errors (SKILL.md).
  4. Sanitization: Absent.
- Unverifiable Dependencies (MEDIUM): The provided GitHub Action configurations (SKILL.md) reference actions from the 'actions' organization (e.g., actions/checkout, actions/setup-node), which is not included in the defined list of Trusted GitHub Organizations.
- Command Execution (LOW): The skill utilizes several build and automation tools (e.g., npm, npx, vercel) which execute code and interact with the filesystem and network. While expected for CI/CD, these represent an inherent risk factor.
Recommendations
- AI detected serious security threats
Audit Metadata