hotfix

The SKILL.md file describes a hotfix workflow. It contains markdown text and code blocks with shell commands for git and gh (GitHub CLI). These commands are presented as instructions for a human user to follow, not as code to be executed by the AI agent itself.

1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'You are now') were found. The instructions are clear and benign.
2. Data Exfiltration: The skill does not contain any commands that would exfiltrate sensitive data. It uses standard git commands and gh pr create to interact with GitHub, which is an expected and non-malicious interaction for a development workflow. No access to sensitive file paths (like ~/.aws/credentials or ~/.ssh/id_rsa) combined with network operations was detected.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or other forms of hidden content were found.
4. Unverifiable Dependencies: The skill relies on git and gh (GitHub CLI), which are assumed to be pre-installed and trusted system tools. It does not instruct the installation of any new, unverified external packages or scripts.
5. Privilege Escalation: No commands like sudo, chmod +x, chmod 777, or other privilege escalation attempts were found.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys) were detected.
7. Metadata Poisoning: The name and description in the front matter are benign and accurately reflect the skill's purpose.
8. Indirect Prompt Injection: The skill does not process external, untrusted content in a way that would make it vulnerable to indirect prompt injection.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage, or environment variables that would trigger malicious behavior was found.

Overall, the skill is a purely descriptive and instructional document, posing no security risks.