skills/kenlck/skills/bug-fix/Gen Agent Trust Hub

bug-fix

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill directly interpolates the $ARGUMENTS variable (the user-provided bug report) into its workflow in Stage 0 without sanitization or protective delimiters. This allows a user to provide a malicious report designed to override the agent's operational instructions.
  • [PROMPT_INJECTION]: User-influenced text (such as the root cause summary and action flow) is passed into the templates defined in AGENTS.md for parallel sub-agents. This creates an indirect prompt injection surface where malicious content in the initial bug report can propagate and influence the behavior of downstream sub-agents.
  • [SAFE]: The skill implements a robust 'DO NOT START WITHOUT EXPLICIT USER APPROVAL' gate in Stage 4, ensuring that no code modifications or filesystem writes are performed without a human reviewer's confirmation.
  • [SAFE]: File operations are logically restricted to local codebase modifications and progress logging in the plans/ directory, with no evidence of unauthorized network activity or attempts to access sensitive system files like SSH keys or environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 08:43 AM