triaging-issues
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub issue titles and bodies.
- Ingestion points: Untrusted issue content is retrieved from the GitHub API via `gh issue view` and `gh issue list` commands in `scripts/duplicate-detection.sh`, `scripts/issue-helpers.sh`, and `scripts/validate-issue.py`.
- Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the processed issue text.
- Capability inventory: The skill has the authority to modify repository state by editing issues (`gh issue edit`), closing issues (`gh issue close`), and posting comments (`gh issue comment`).
- Sanitization: Issue content is parsed via `jq` and analyzed by scripts for keywords, but no sanitization is performed to filter potential instructions or overrides embedded in the issue body.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (`gh`) and standard shell utilities to perform its core functions.
- The shell scripts `issue-helpers.sh` and `duplicate-detection.sh` invoke `gh` commands to automate bulk operations.
- `validate-issue.py` uses `subprocess.run` to execute `gh` with arguments derived from the triage process.
- These executions are documented components of the skill's management capabilities and are restricted to the authorized tools list.
Audit Metadata