The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill executes pnpm install and pnpm run dev|build|preview|test on reproduction projects provided by users via GitHub URLs, StackBlitz URLs, or manual steps. A malicious bug report could include harmful code in package.json scripts (e.g., postinstall) or application logic that executes during reproduction.
[COMMAND_EXECUTION]: The skill uses several command-line tools to perform its tasks, including git for cloning repositories, gh for interacting with GitHub issues and pull requests, pnpm for package management, and curl for fetching Gist data.
[EXTERNAL_DOWNLOADS]: The skill downloads content from external, well-known services to set up reproduction environments. This includes cloning from github.com and downloading projects from StackBlitz using stackblitz-clone.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from GitHub issue titles, bodies, and comments to guide the triage process.
Ingestion points: Untrusted data enters via issueDetails (fetched using gh issue view) and issueTitle/issueBody arguments in reproduce.md, diagnose.md, and verify.md.
Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested issue data.
Capability inventory: The skill possesses significant capabilities, including filesystem access, network operations (curl, gh), and code execution (pnpm).
Sanitization: No sanitization or validation of the external GitHub issue content is performed before it is processed by the agent.

triage