reproduce

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill explicitly directs the agent to 'Build the product' and 'Use Deployment instructions' from the target repository. This involves executing third-party scripts (e.g., install scripts, Makefiles, or build tools) from an external, potentially untrusted GitHub repository in the local environment.
  • [COMMAND_EXECUTION]: The reproduction steps involve starting arbitrary backend and frontend servers and using CLI tools like 'curl' to interact with them, which provides a path for executing potentially malicious code contained within the analyzed project.
  • [DATA_EXFILTRATION]: The instructions to 'Capture all logs, error output, and HTTP responses' and save them to an artifact file (.ai/issue-analysis-<issue_number>.md) create a risk of data exposure. If the project being tested or the environment contains sensitive information like secrets or PII that appear in logs, this data will be persisted in the repository root.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from GitHub issues and repository files without sanitization.
    ◦ Ingestion points: GitHub issue descriptions, comments, and repository files (SKILL.md).
    ◦ Boundary markers: None found; the agent is not instructed to ignore embedded instructions in the issue text or code.
    ◦ Capability inventory: File system writes, shell command execution for builds/servers, and network access via curl.
    ◦ Sanitization: No logic is provided to filter or validate external inputs before they are used in commands or logged.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 08:10 AM