bug-triage

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub issue bodies and comments to analyze root causes and draft responses (Step 1 and Step 2). This creates an indirect prompt injection surface where a malicious user could craft a bug report designed to influence the agent's logic, misrepresent the issue, or inject malicious text into the drafted response. The risk is mitigated by the mandatory human-in-the-loop approval requirement (Step 4) before any actions are executed.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the GitHub CLI (gh). In Step 5, the skill instructs the agent to execute commands like gh issue comment <number> --body "<response>". The <response> and <number> variables are derived from untrusted external data and AI generation. Injecting them directly into a shell command string without explicit sanitization or escaping could lead to arbitrary command execution on the host system if the strings contain shell metacharacters (e.g., backticks, semicolons, or command substitutions).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 10:16 AM