review-gha-migration

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill utilizes bash to run rwx docs pull, rwx docs search, and rwx lint. Executing shell commands with user-supplied arguments (the config path) introduces a risk of shell injection if the agent fails to sanitize inputs before interpolation into the command line.
  • PROMPT_INJECTION (LOW): High surface for Indirect Prompt Injection. The skill reads external workflow files (.github/workflows/*.yml, .rwx/*.yml) and processes them. Malicious instructions embedded in YAML comments or strings could manipulate the agent's logic. Evidence Chain: (1) Ingestion: .rwx/ci.yml and .github/workflows/ci.yml. (2) Boundary markers: Absent. (3) Capability: Bash execution of rwx commands. (4) Sanitization: None.
  • PROMPT_INJECTION (LOW): The instructions explicitly direct the agent to bypass standard platform tools ('Do NOT use WebFetch') in favor of raw shell execution. This pattern is often used to evade safety filters or summarization logic applied to standard web tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 04:15 AM