repo-activity
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes git remote and gh api with user-supplied repository identifiers. Without explicit sanitization of the <owner/repo> input, this presents a significant risk of command injection where a crafted repository name could execute arbitrary shell commands.
- [PROMPT_INJECTION] (LOW): The instruction to 'automatically exit' using an 'IMPORTANT' tag is a direct behavioral override that attempts to force agent control flow.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: External, attacker-controlled data is fetched from GitHub issue comments and PR descriptions via gh api. 2. Boundary markers: No delimiters or isolation instructions are provided to separate this untrusted data from the agent's context. 3. Capability inventory: The skill allows for system command execution and file system writes (generating markdown reports). 4. Sanitization: There is no evidence of sanitization or filtering of the external content before it is summarized or written to disk, which could allow malicious instructions in GitHub comments to be executed or interpreted by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata