github-process-agent-issues

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent_issue_sweep.py executes system commands including git, gh, bash, and python to manage repository state and run tests. These commands are executed using argument lists via subprocess.run, which effectively prevents shell injection.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and acts upon issue titles and descriptions from GitHub. A malicious actor could craft an issue with instructions designed to manipulate the agent's behavior during its automated tasks.
      * Ingestion points: Data is fetched from GitHub via gh issue list and gh issue view commands.
      * Boundary markers: The skill does not implement delimiters or 'ignore' instructions to distinguish between the system prompt and untrusted issue content.
      * Capability inventory: The agent has the ability to modify the local filesystem, perform git commits and pushes, manage GitHub PRs/issues, and execute arbitrary code through pytest.
      * Sanitization: No sanitization or validation of retrieved issue content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:18 PM