
qa-bug-fixer

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process bug reports, reproduction steps, and severity levels provided by QA agents. These inputs are untrusted data sources that could be used to perform an indirect prompt injection attack, potentially overriding the agent's core instructions to perform unauthorized actions.
    ◦ Ingestion points: Processes external QA bug reports and reproduction steps (SKILL.md).
    ◦ Boundary markers: Absent; the instructions do not implement delimiters or safety headers to separate untrusted QA data from system instructions.
    ◦ Capability inventory: The agent has access to the Bash, Edit, and Write tools, as well as MCP integrations for GitHub and Linear (SKILL.md).
    ◦ Sanitization: Absent; there is no logic described for validating or filtering the content of the ingested reports.
  • [COMMAND_EXECUTION]: The skill is granted access to the Bash tool and instructions explicitly direct the agent to interact with the shell for exploring the project structure and potentially verifying fixes. This powerful capability, combined with the processing of untrusted input, poses a risk if an attacker can manipulate the agent into executing arbitrary shell commands.
  • [DATA_EXFILTRATION]: The skill is instructed to read project configuration files (e.g., .qa/config.yml) and has the capability to post information to external platforms via mcp__github__add_issue_comment and mcp__linear__save_comment. A successful manipulation of the agent could lead to the exposure or exfiltration of sensitive project data or environment configurations through these issue tracker comments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 04:17 AM