The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data from the Zentao bug tracker, including bug titles, descriptions, and reproduction steps, which are used to guide the agent's code analysis and are later formatted into GitLab issues and Merge Requests using templates. This creates a vulnerability surface for indirect prompt injection where instructions hidden in a ticket could influence the agent's actions. Ingestion points: Data is fetched from Zentao bug tickets via 'scripts/zentao.sh'. Boundary markers: Untrusted content is interpolated into templates in the 'templates/' directory without explicit instructions to the agent to ignore embedded commands. Capability inventory: The skill can perform file modifications, run project tests via 'make', execute git operations, and call GitLab/Zentao APIs. Sanitization: The scripts use Python's 'json.dumps' and 'urllib.parse' to safely format data for API calls, providing protocol-level escaping but not semantic filtering of instructions.
[COMMAND_EXECUTION]: The skill executes various local commands to automate the bug-fix lifecycle, including git for version control and curl for API communication. It specifically runs 'make -C .test' to verify fixes, which involves executing code found within the repository. Additionally, the scripts dynamically generate and execute localized Python snippets to process JSON payloads and handle data transformations. This execution is scoped to the skill's primary purpose of automated software maintenance.

zc-bug-fix