github-bot
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and process data from GitHub, which is an untrusted external source.
  - Ingestion points: Data is retrieved from various GitHub API endpoints as shown in the pagination and listing examples in SKILL.md.
  - Boundary markers: No boundary markers or specific instructions to ignore embedded commands are provided for the processed data.
  - Capability inventory: The skill possesses the ability to perform write operations on GitHub (e.g., creating and merging PRs, pushing commits) and executes local shell scripts.
  - Sanitization: No sanitization, escaping, or validation of the retrieved GitHub content is demonstrated in the provided code.
- [COMMAND_EXECUTION]: The skill executes local shell scripts and system utilities to perform its functions. SKILL.md triggers the scripts/github-token.sh script. This script executes a local binary at /Users/joel/.local/bin/secrets to retrieve sensitive application parameters and uses common utilities like openssl, curl, and python3 for token generation and API communication.