skills/laststance/skills/bulk-issues/Gen Agent Trust Hub

bulk-issues

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution using the gh CLI for issue management, PR creation, and GraphQL API interactions. It also executes standard project lifecycle scripts including pnpm lint, pnpm test, pnpm build, and pnpm test:e2e. While these are functional requirements, they represent a broad execution surface directed by agent reasoning.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources. Specifically, it reads GitHub issue titles, bodies, and comments to 'parse requirements' and 'design the approach' for code modifications. An attacker could craft a malicious issue containing hidden instructions to influence the agent's behavior during the implementation phase.
      • Ingestion points: workflows/issue-task-loop.md (fetches issue metadata and body via gh issue view).
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when processing the ingested issue text.
      • Capability inventory: The skill possesses the ability to edit local files, execute shell commands, and interact with the GitHub API.
      • Sanitization: No sanitization or validation logic is present to filter malicious instructions within the issue content before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 03:46 PM