The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from GitHub issue bodies which are potentially attacker-controlled. \n- Ingestion points: Issue bodies are parsed for dependency markers ("Blocked by:", "Blocks:", etc.) and stored in the $ISSUES_DATA variable (SKILL.md). \n- Boundary markers: Absent; there are no instructions or delimiters provided to prevent the agent from following instructions embedded within the processed issue content. \n- Capability inventory: The skill utilizes the Bash tool to execute system commands and the GitHub CLI (gh) to modify repository state (SKILL.md). \n- Sanitization: No sanitization or validation of the ingested strings is performed before they are used to influence the agent's logic. \n- [COMMAND_EXECUTION]: The skill performs shell command execution to retrieve data and perform actions. \n- Executes a local shell script at the relative path ../../scripts/open-issues.sh using the Bash tool. \n- Uses the gh (GitHub CLI) to view and modify issues, including changing assignees based on agent-selected recommendations.

next