fix-issue

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill retrieves issue titles, descriptions, and comments from GitHub using the gh CLI (gh issue view). This untrusted external data is interpolated into prompts for the main agent and multiple specialized sub-agents (e.g., debug-investigator, test-generator) during the root cause analysis phase. The absence of strict boundary markers or sanitization logic for this data allows for potential indirect prompt injection attacks.
      • Ingestion points: Output of gh issue view (Phase 1, documented in references/fix-phases.md).
      • Capability inventory: Bash (file and git operations), Write/Edit (code modification), Agent (autonomous sub-agent spawning), CronCreate (scheduled execution), TaskCreate (task management).
      • Boundary markers: Absent; data is passed directly as variables into sub-agent prompts.
      • Sanitization: No sanitization or validation of the retrieved GitHub content is performed before interpolation.
  • [COMMAND_EXECUTION]: Use of Persistence via Scheduled Tasks. The workflow employs the CronCreate tool to schedule recurring checks of CI status for generated pull requests. While the skill includes logic to delete the cron job upon completion, the use of scheduled execution represents a persistence mechanism. However, this usage is aligned with the skill's primary purpose of automated issue resolution and uses the platform's native task scheduling capability.
  • [COMMAND_EXECUTION]: External Tooling and CLI Usage. The skill's documentation suggests the installation of the portless NPM package and relies on the GitHub CLI (gh) for core functionality including issue retrieval, pull request management, and CI monitoring.
  • [COMMAND_EXECUTION]: Execution of Lifecycle Hooks. The skill configures a PreToolUse hook that executes a local script (run-hook.mjs) when the Read tool is invoked. This represents a form of automated script execution within the plugin environment triggered by standard tool usage.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 11:39 PM