aeon-vuln-scanner

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill performs manual triage by reading 30-50 lines of code context from external, untrusted GitHub repositories. A malicious repository could include comments containing instructions designed to mislead the agent into ignoring vulnerabilities or performing unintended actions.
      • Ingestion points: code context read during triage (SKILL.md).
      • Boundary markers: Absent; the agent reads raw code blocks without protective delimiters or instructions to ignore embedded commands.
      • Capability inventory: GitHub API access via gh api (POST requests), shell command execution for scanners, and repository writing for PR creation.
      • Sanitization: None specified; the agent directly processes the retrieved code lines.
  • [COMMAND_EXECUTION]: The skill uses the $REPO variable within a shell command (gh api -X POST "/repos/$REPO/security-advisories"). Since the repository name originates from external sources like the GitHub trending list, a maliciously crafted repository name could potentially trigger command injection if the shell environment does not adequately sanitize the variable.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 01:11 PM