engram-backlog-triage

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks because it ingests and processes untrusted data from GitHub.
      * Ingestion points: The skill retrieves external data from GitHub issue and PR bodies and comments using 'gh issue list', 'gh pr list', and 'gh view' commands in Phase 1 and Phase 3 of SKILL.md.
      * Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its core logic and potentially malicious instructions embedded within the GitHub content it processes.
      * Capability inventory: The agent has the authority to modify repository state using the 'gh issue close', 'gh pr review --approve', and 'gh pr merge' commands listed in the Quick-Action Commands section.
      * Sanitization: No sanitization or validation of the fetched GitHub content is performed before processing.
  • [COMMAND_EXECUTION]: The skill relies on the execution of various GitHub CLI (gh) commands to interact with remote repositories. This includes fetching data, editing labels, closing issues, and merging pull requests. While these actions are central to the skill's intended purpose as a triage tool, they represent the execution of system commands that modify external resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 06:04 PM