github-workflow-automation
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the ruv-swarm and claude-flow@alpha packages from the npm registry. These packages are not from trusted organizations and do not match the authorized vendor patterns for 'plurigrid'. Additionally, the skill references the ruvnet/swarm-action@v1 third-party GitHub Action. Standard actions from GitHub (e.g., actions/checkout, actions/cache) and AWS (aws-actions/configure-aws-credentials) are also utilized for workflow configuration.
- [REMOTE_CODE_EXECUTION]: The execution of unpinned or alpha-tagged npm packages via npx allows for the dynamic loading and running of remote code that can be modified by the package owner at any time, posing a risk of supply chain compromise.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and Git to perform a wide range of sensitive operations, including repository restructuring, automated PR creation, and release management. These operations are triggered by outputs from unverified tools and processing of external repository data.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its automated handling of external data.
  - Ingestion points: The skill ingests data from GitHub via gh pr view, gh run view, and gh pr create, which includes user-controlled content from pull requests, commit messages, and issues.
  - Boundary markers: The provided examples do not demonstrate the use of delimiters or specific safety instructions to isolate ingested data from the AI agent's core logic.
  - Capability inventory: The system is capable of executing shell commands, modifying repository structures, and interacting with the GitHub API for project management tasks.
  - Sanitization: There is no evidence of validation or sanitization of the content retrieved from the GitHub API before it is passed to specialized agents like the 'code-reviewer' or 'pr-manager'.