agent-ops-cicd-github

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's pre- and post-execution hooks include shell commands in which '$' is used in place of '/' in paths such as '.github$workflows' and in redirections such as '2>$dev$null'. The same pattern appears in the trigger keywords and file patterns.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
    1. Ingestion points: Reads local .yml, .sh, and .json files from the repository via the Read and Glob tools.
    2. Boundary markers: No delimiters or specific instructions are provided to the agent to ignore instructions embedded within the processed data.
    3. Capability inventory: The agent has access to powerful tools, including Bash execution and file-writing permissions.
    4. Sanitization: Content is not validated or sanitized before being incorporated into the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:33 PM