qa
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user-provided bug reports and uses them to generate content for external write operations via the GitHub CLI. An attacker could provide a malicious bug report designed to influence the agent's behavior or exfiltrate codebase secrets into the issue description.
  - Ingestion points: User bug reports provided conversationally in SKILL.md.
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore embedded commands within user reports.
  - Capability inventory: Uses the `gh` CLI tool to create issues on external GitHub repositories and triggers a background `Explore` sub-agent.
  - Sanitization: Absent. There is no explicit requirement to sanitize or validate user input before passing it to the issue template or the `gh` command.
- [DATA_EXFILTRATION]: The skill performs background codebase exploration and is instructed to include 'relevant inputs, flags, or configuration' and 'extra observations from codebase exploration' in the final GitHub issue. This workflow risks the accidental exposure of sensitive project data, environment variables, or internal configuration details to external repositories.
- [COMMAND_EXECUTION]: The skill executes shell commands (`gh issue create`) based on content derived from user input. While it uses a structured template, the instructions to 'Do NOT ask the user to review first' remove the human-in-the-loop safeguard, increasing the risk that a carefully crafted user report could lead to argument injection or command manipulation.
Audit Metadata