The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to interact with the environment, specifically for executing GitHub CLI (gh) commands and running development tools such as npx eslint, npx jest, and npx tsc for verifying task completion.
[EXTERNAL_DOWNLOADS]: Fetches issue content and metadata from GitHub's official services using the gh CLI tool.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from GitHub and local source code to drive its logic.
Ingestion points: Analyzes GitHub issue bodies in 01-issue-new.md and reads project source code files via Glob and Read tools in 02-discover.md and 03-discover-by-prompt.md.
Boundary markers: The skill uses markdown parsing to structure GitHub input but lacks explicit delimiters or instructions to ignore potential commands embedded in analyzed code or issue descriptions.
Capability inventory: The agent has access to Bash for command execution and Write/Edit for file modifications across the entire project scope.
Sanitization: Input from external sources is parsed for structure (e.g., expected/actual behavior) but is not sanitized to remove potentially malicious instructional content before being passed to subagents or used in task generation.
[REMOTE_CODE_EXECUTION]: The Phase 4 'Quick Plan & Execute' logic (04-quick-execute.md) automatically converts analysis findings into executable tasks. When 'Auto Mode' (--yes) is enabled, the agent may modify files and execute 'verification' commands (e.g., shell scripts or test runners) based on these findings. If the initial analysis was influenced by malicious code comments or issue descriptions, the generated remediation steps could include unintended or harmful operations.

issue-discover