The Agent Skills Directory

PROMPT_INJECTION (HIGH): The skill provides a significant attack surface for indirect prompt injection by feeding untrusted issue descriptions directly into its decision-making logic. Ingestion points: The $ARGUMENTS variable in SKILL.md and user-provided GitHub URLs for log analysis. Boundary markers: The skill wraps input in tags, but this does not provide robust protection against instruction injection. Capability inventory: The skill dispatches commands to tools such as /fix-ci, /fix-hard, and /code, which possess the authority to perform sensitive operations like file modification and build system updates. Sanitization: There is no logic present to sanitize or validate the input content before it is passed to execution-capable sub-commands.

fix