ops-triage

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive configuration and memory files stored in hidden application data directories (e.g., .claude/plugins/data/). This includes reading preferences.json and topics_active.md via cat commands.
  • [DATA_EXFILTRATION]: Manages and utilizes sensitive API tokens (SENTRY_AUTH_TOKEN, LINEAR_API_KEY) within shell commands (curl). Passing secrets through shell arguments can expose them to process monitors or shell history.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the processing of untrusted external data.
      * Ingestion points: Ingests issue titles and bodies from GitHub, Sentry, and Linear (file: SKILL.md).
      * Boundary markers: Missing; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in issue descriptions.
      * Capability inventory: Includes spawning sub-agents with issue context, closing/updating issues, and executing shell commands (file: SKILL.md).
      * Sanitization: No sanitization or validation of the external issue content is performed before it is presented to the user or passed to sub-agents.
  • [COMMAND_EXECUTION]: Performs dynamic shell execution by looping through repository lists extracted from local registry files using jq and bash.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 29, 2026, 06:48 AM