openclaw-secret-scanning-maintainer
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script executes the GitHub CLI (gh) using spawnSync. This is a secure pattern that avoids the security risks associated with shell-based command execution by passing arguments directly to the process.
- [DATA_EXFILTRATION]: The skill incorporates specific defenses against accidental data leakage. It uses the hide_secret=true parameter when fetching alerts and uses file-based uploads (-F body=@file) to ensure that potentially sensitive content is never passed as a command-line argument or stored in shell history.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it is designed to ingest and process untrusted user content (GitHub issue and comment bodies).
  - Ingestion points: User content is downloaded to the local file system using the fetch-content command.
  - Boundary markers: There are no explicit markers or guardrails in the instructions for the agent to distinguish between its instructions and the content being redacted.
  - Capability inventory: The agent has access to powerful capabilities via the script, including the ability to delete or modify content and resolve repository security alerts.
  - Sanitization: While the script ensures the integrity and privacy of the files used for processing (using 0o600 permissions and random UUIDs), the content itself is not sanitized before being read by the agent. However, given the specific maintainer-only use case and the technical controls in the script, this risk is well-contained.