The Agent Skills Directory

[PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it processes potentially untrusted CI log data to determine its next actions.
Ingestion points: The skill fetches failed logs from GitHub Actions using gh run view --log-failed as described in Step 1 of SKILL.md.
Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard potential instructions embedded within the fetched logs.
Capability inventory: The skill has extensive permissions, including the ability to modify local source code, execute tests via pytest, and push code to remote branches using git push.
Sanitization: There is no evidence of sanitization or filtering of the log content before the agent analyzes it to determine which 'targeted fixes' to apply.
[COMMAND_EXECUTION]: The skill relies on the execution of several local CLI tools to perform its intended functions.
Evidence: It uses git for branch management and committing, gh for interacting with GitHub Actions, and ruff, mypy, and pytest for code correction and verification.
Context: These tools are well-known and standard for the described purpose; however, their execution is triggered by logic that evaluates external, untrusted log data.

fix-ci