openclaw-github-dedupe

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from GitHub issue and PR content.
      ◦ Ingestion points: The workflow in SKILL.md fetches titles, bodies, and comments from issues and pull requests using gh issue view and gh pr view.
      ◦ Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish its own instructions from the potentially malicious data fetched from GitHub.
      ◦ Capability inventory: The skill possesses high-privilege capabilities, including merging pull requests (gh pr merge), closing issues/PRs, deleting git branches, and modifying the CHANGELOG.md file.
      ◦ Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is processed by the agent's logic.
  • [COMMAND_EXECUTION]: The skill performs sensitive repository operations using the GitHub CLI and Git based on potentially untrusted data.
      ◦ Evidence: The workflow includes commands for merging PRs, closing items with comments, and deleting branches (git push origin --delete). While these are intended functions, their execution depends on the interpretation of external data that could be manipulated.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 03:57 PM