The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill reads untrusted data from GitHub issue bodies which is then used to determine verification steps and update issue content.
Ingestion points: Step 1 extracts the issue body using gh issue view [ISSUE_NUMBER] --json body.
Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore embedded commands within the criteria text.
Capability inventory: The skill executes shell commands (pnpm test, npx playwright test), modifies GitHub issues (gh issue edit), and posts comments (gh issue comment).
Sanitization: Absent. The extracted criteria are parsed directly for status and evidence without validation or escaping before being used in further commands or reports.
[Command Execution] (SAFE): The skill executes local commands to run tests and interact with the GitHub CLI.
Evidence: Uses pnpm test, npx playwright, and gh CLI commands.
Context: These operations are fundamental to the skill's stated purpose of verifying code and updating project status. While powerful, they are restricted to standard development tools.
[Dynamic Execution] (LOW): The skill constructs shell commands dynamically using variables derived from issue content.
Evidence: Step 6 assembles a command gh issue edit [ISSUE_NUMBER] --body "$NEW_BODY" where $NEW_BODY is derived from external input.
Context: While this pattern is common in automation, it creates a surface for command injection if the input is not strictly controlled.

acceptance-criteria-verification