fork-dev-branch

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub.
      ◦ Ingestion points: External data is fetched via gh issue view <issue-number> in SKILL.md.
      ◦ Boundary markers: None are used to delimit the external content from the command template.
      ◦ Capability inventory: The skill executes shell commands using git checkout -b and gh.
      ◦ Sanitization: The skill includes natural-language instructions for the agent to sanitize data (e.g., 'Remove special characters', 'Convert to lowercase'), but lacks programmatic enforcement.
  • [Command Execution] (MEDIUM): The workflow relies on the agent to correctly format issue titles into branch names before executing git checkout -b. If an attacker crafts an issue title containing shell metacharacters (e.g., backticks, semicolons) and the agent fails to sanitize them, it could lead to arbitrary command execution in the user's local shell environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:06 PM