diagnosing-root-causes

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because its primary function involves processing untrusted external data such as runtime logs, CI/CD output, and user-provided issue reports. Malicious instructions could potentially be embedded in these artifacts to influence agent behavior.
      • Ingestion points: Data enters the system through the ISSUE and RESOURCES inputs defined in SKILL.md and utilized by the evidence-collector subagent.
      • Boundary markers: The skill contains comprehensive instructions across all subagents to treat evidence strictly as data, ignore imperative text found within artifacts, and isolate raw artifacts within subagent contexts.
      • Capability inventory: The agent can read local repository files, inspect git history (Tier A), and execute local tests or builds in disposable environments (Tier B).
      • Sanitization: The skill implements a detection strategy where suspicious or imperative text discovered in evidence is flagged as possible-injection-content and surfaced in the final report for human review.
  • [COMMAND_EXECUTION]: The skill includes capabilities to execute local commands for reproduction and validation. The references/safety-tiers.md file defines 'Tier B' actions, which allow running test suites, local builds, and docker containers in disposable scopes. These capabilities are restricted from modifying the repository's state of record or accessing remote production environments.
  • [EXTERNAL_DOWNLOADS]: The skill identifies and references official documentation from well-known services (GitHub, GitLab, and AWS) in references/external-sources.md. These links are provided as authoritative references for interpreting logs and pipeline semantics during the diagnosis process.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 11:07 PM