validator-issue

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Tags: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill reads local files, including .validator/config.yml, .debug.log, and .execution_state, and then sends their contents to an external GitHub repository (Codagent-AI/agent-validator) via the gh CLI. The instructions do require the agent to redact sensitive values such as API keys and tokens before transmission, but that protection depends entirely on the model reliably identifying and removing every sensitive value.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute several system commands:
    • tail -n 50 to read log files.
    • mktemp to create temporary files for the issue body.
    • gh issue create to perform network operations and file data to GitHub.
    • rm -f to delete temporary files.
  • [PROMPT_INJECTION]: The skill implements an '--auto-file' flag in its $ARGUMENTS processing. When the flag is present, the skill explicitly instructs the agent to skip the human-in-the-loop confirmation step (Step 4), so data can be filed automatically without the user ever reviewing the redacted content.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection:
    • Ingestion points: Reads untrusted data from local log files (.debug.log) and execution state files, which may contain attacker-controlled content.
    • Boundary markers: No explicit boundary markers or delimiters are used when interpolating file contents into the draft issue body.
    • Capability inventory: The skill can write to the network via gh issue create and execute shell commands via Bash.
    • Sanitization: There is a manual instruction to redact sensitive values, but no programmatic sanitization or validation of the ingested content is performed before submission.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 03:45 AM