github-issue-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates high awareness of prompt injection risks. It includes a dedicated section on 'Handling Untrusted Content' with explicit instructions to ignore any commands or directives embedded within GitHub issue bodies or comments.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (GitHub issues) which could contain malicious payloads. It mitigates this via a 'Content Isolation Protocol' that prevents the agent from parsing the issue directly; instead, the agent displays the content to the user and requires the user to provide authoritative requirements in their own words via the AskUserQuestion tool.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard development tasks, such as running local test suites (npm test, pytest, etc.) and executing git and gh CLI commands. These operations are restricted to the intended purpose of the skill and are performed after user confirmation of the requirements.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing remote scripts (e.g., curl | bash) were detected. External interactions are limited to authenticated GitHub CLI operations and documentation queries via Context7.
- [DATA_EXFILTRATION]: The skill retrieves repository metadata and issue details using the GitHub CLI. It does not access sensitive local files (e.g., SSH keys, .env files) or send data to non-whitelisted external domains.
Audit Metadata