skills/dotnet/efcore/triage/Gen Agent Trust Hub

triage

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Dynamic Code Generation and Execution: The skill is designed to generate a C# console application from external issue descriptions and execute it to confirm bugs. This involves running code derived from untrusted user input, which is a significant security consideration in any execution environment.
  • Indirect Prompt Injection Surface: The skill ingests data from external GitHub issues which is then used to influence code generation and triage decisions. This creates a surface where malicious instructions embedded in an issue could potentially affect the agent's behavior.
      • Ingestion points: Input issue text and linked resources (provided in SKILL.md).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing the issue content.
      • Capability inventory: The skill utilizes the GitHub CLI (gh), file system access to create and run .NET applications, and potentially network or container access for database providers (SKILL.md).
      • Sanitization: There is no mention of explicit sanitization or validation of the user-provided code snippets or text before they are integrated into the reproduction template.
  • Access to Sensitive Environment Variables: The reproduction template accesses the Test__SqlServer__DefaultConnection environment variable. While standard for automated testing in the dotnet/efcore repository, this variable contains sensitive connection string information.
  • Sensitive Data Logging: The template includes the EnableSensitiveDataLogging() configuration. This is a standard EF Core feature for debugging but means that the generated logs—which the skill is instructed to post back to GitHub—could contain literal data values from the test execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 11:51 PM