The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from both user arguments and external web content without sufficient safeguards.
Ingestion points: User-provided bug descriptions and the DOM/content of the website at home.st44.no during screenshot and recording actions.
Boundary markers: Absent. The issue template and instructions do not use delimiters or provide the agent with explicit instructions to ignore embedded commands within the ingested content.
Capability inventory: The agent has access to the Bash tool and full browser automation (mcp__claude-in-chrome__*).
Sanitization: There is no evidence of input validation or escaping before the data is processed or used in shell commands.
[COMMAND_EXECUTION]: There is a potential risk of shell command injection via the Bash tool. The skill instructions specify using the gh issue create command with the user-provided description. If the implementation concatenates this input directly into a shell string, an attacker could include shell-metacharacters (e.g., backticks or semicolons) to execute arbitrary commands with the privileges of the agent.
[EXTERNAL_DOWNLOADS]: The skill is designed to navigate to and interact with home.st44.no. This domain is not identified as a well-known service or a trusted organization in the security guidelines. While it appears to be a legitimate target for the skill's functionality, interacting with third-party web content while the agent possesses shell and browser capabilities increases the security surface for malicious instructions.

report-bug