The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and a local Python script scripts/fetch_comments.py. It explicitly instructs the agent to request elevated system permissions using sandbox_permissions=require_escalated.- [COMMAND_EXECUTION]: The skill requests high-privilege GitHub OAuth scopes, specifically workflow and repo. The workflow scope grants administrative access to GitHub Actions, enabling the modification or deletion of CI/CD workflows, which is a significant privilege escalation risk.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks.- Ingestion points: Untrusted data from PR conversation comments and review threads are fetched via the GitHub API in scripts/fetch_comments.py.- Boundary markers: None. External content is provided to the agent without delimiters or instructions to ignore embedded commands.- Capability inventory: The agent is authorized to execute gh commands and is tasked with 'applying fixes,' which typically involves file system writes and code modification.- Sanitization: There is no evidence of sanitization, validation, or filtering of the fetched GitHub comment text before it is used to determine the agent's next actions.

gh-address-comments