triaging-issues
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes PreToolUse and PostToolUse hooks to execute local Python scripts (validate_labels.py and add_bot_triaged.py) for workflow validation and state management. These scripts are stored within the skill's project directory and run via the python3 interpreter.
- [PROMPT_INJECTION] (LOW): The skill is subject to indirect prompt injection as it processes untrusted user content from GitHub issues. Mandatory Evidence Chain: (1) Ingestion point: mcp__github__issue_read (SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: mcp__github__issue_write, mcp__github__add_issue_comment. (4) Sanitization: Step 1.5 redacts file links but does not provide natural language sanitization. Severity is downgraded to SAFE due to the intended triage use case.
- [SAFE] (SAFE): The skill includes an explicit security step (1.5) to identify and remove links to external files (e.g., .zip, .pt, .safetensors) to prevent the agent or users from downloading untrusted binaries, which is a proactive and beneficial safety measure for handling GitHub issues.
Audit Metadata