resolve-issues

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection through GitHub issue content.
      1. Ingestion points: Reads GitHub issue titles and descriptions using gh issue list and $ARGUMENTS in SKILL.md.
      2. Boundary markers: None identified; external content is processed without explicit delimiters or instructions to ignore embedded commands.
      3. Capability inventory: The skill has access to Bash (git, gh, cd, mkdir) and Task tools as defined in the YAML frontmatter.
      4. Sanitization: No explicit sanitization or validation of the content retrieved from GitHub issues is performed before processing.
  • [COMMAND_EXECUTION]: The skill employs dynamic context injection (!command syntax) in SKILL.md to automatically fetch repository information when loaded. The executed commands (git status, git branch, gh issue list, etc.) are standard development tools and do not pose a direct threat in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:56 AM