piter-setup

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill guides the user in setting up API keys for Anthropic and GitHub. It uses safe placeholders (e.g., sk-ant-..., ghp_...) and recommends the use of .env files while explicitly advising never to commit them. Verification commands like echo $ANTHROPIC_API_KEY | head -c 10 are local-only and benign.
  • [Indirect Prompt Injection] (LOW): The framework is designed to ingest data from untrusted external sources (GitHub Issues).
      • Ingestion points: gh issue view is used to fetch external content which is then interpolated into prompts.
      • Boundary markers: The prompt template for issue classification (# Issue $ARGUMENTS) lacks explicit boundary delimiters to separate instructions from the untrusted data.
      • Capability inventory: The framework triggers autonomous execution scripts (adw_plan_build.py) and CLI interactions (claude -p) based on the ingested content.
      • Sanitization: No explicit sanitization or filtering logic is provided for the issue content before processing.
  • [Command Execution] (SAFE): The skill utilizes standard command-line utilities (gh, git, python, curl) for their intended administrative and testing functions. No suspicious or obfuscated commands were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:30 PM