workflow-monitor
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The duplicate detection logic in modules/issue-templates.md is vulnerable to shell command injection. The skill constructs a gh CLI command by directly interpolating the {{COMMAND}} and {{ERROR_EXCERPT}} variables, which contain untrusted data from previous workflow outputs. This allows an attacker to execute arbitrary commands on the host by including shell metacharacters in the workflow logs.
- [DATA_EXFILTRATION]: The skill captures full command outputs and session context to generate issue reports on GitHub and GitLab. It lacks a sanitization or scrubbing step to remove sensitive information such as API keys, authorization tokens, or private environment variables that may be present in the execution logs, potentially leading to accidental credential exposure on public or shared issue trackers.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
  - Ingestion points: The skill ingests untrusted command outputs and error messages in modules/detection-patterns.md.
  - Boundary markers: The templates in modules/issue-templates.md wrap content in standard markdown code blocks but do not include explicit 'ignore' instructions or delimiters to prevent the agent from following instructions embedded in the logs.
  - Capability inventory: The skill can create issues on external platforms via the gh CLI and log persistent evidence.
  - Sanitization: No sanitization, escaping, or validation is performed on the captured output before it is interpolated into templates or processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata