gh-fix-ci

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to bypass sandbox restrictions using sandbox_permissions=require_escalated if initial authentication checks fail. This is an attempt to escalate environment privileges to access host-level credentials and network resources.
  • [COMMAND_EXECUTION] (LOW): The skill executes a bundled local Python script scripts/inspect_pr_checks.py. While local, its behavior is opaque as the script content is not included in the manifest.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from GitHub Actions logs. An attacker could craft a PR with failing tests that output malicious instructions to the logs, which the agent might erroneously follow.
      - Ingestion points: Failure logs retrieved via gh run view --log and the GitHub API.
      - Boundary markers: None (the logs are processed directly).
      - Capability inventory: The skill has the ability to execute shell commands and modify the repository codebase during the implementation phase.
      - Sanitization: No sanitization or escaping of log content is specified.

Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 06:07 PM