workflow-monitor

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to capture command execution logs and output excerpts to serve as evidence in issue reports. If a monitored workflow prints sensitive information (such as API keys, session tokens, or internal environment variables) to stdout or stderr during a failure, this information would be included in the 'Evidence' section of the generated GitHub or GitLab issue, potentially exposing it to anyone with access to the repository's issue tracker.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the output of external commands. During the 'Analyze' and 'Report' phases, the agent processes these outputs to identify root causes and suggest fixes. An attacker-controlled script could produce specifically crafted error messages containing instructions that the LLM might follow.
      • Ingestion points: Command output captured in modules/detection-patterns.md and SKILL.md.
      • Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore embedded commands within the captured output.
      • Capability inventory: The agent can execute shell commands via gh or glab and create persistent issues on the git platform.
      • Sanitization: There is no evidence of filtering or sanitizing command outputs before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses the gh or glab CLI tools to automate issue management. The parameters for these commands, such as issue titles and search queries, are derived from the monitored workflow execution data, which could be influenced by external inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 07:37 AM