The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes external data from GitHub issues and pull requests, creating a surface for indirect prompt injection. Ingestion points: The skill uses gh api, gh pr view, and gh issue view within SKILL.md to read content from GitHub that can be controlled by external users. Boundary markers: No delimiters or isolation instructions are provided to separate user-controllable data from the agent's instructions. Capability inventory: The skill possesses significant write-access capabilities including git push, gh pr create, and gh api PATCH/POST requests which allow it to modify the repository and conversation state. Sanitization: No sanitization or validation mechanisms are implemented to filter incoming data ingested from GitHub.

github-action