fix-issue
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to ingest and process data from external GitHub issues. Because this content originates from outside the immediate environment, there is a potential for embedded instructions to influence the agent's research or triage logic.
- Ingestion points: Data enters the context through GitHub issue content referenced in the triage and research phases.
- Boundary markers: The instructions do not currently specify delimiters to separate untrusted issue content from the agent's core system instructions.
- Capability inventory: The skill possesses the ability to comment on issues, close them, modify code via the /write component, and submit pull requests.
- Sanitization: No explicit sanitization or filtering of the fetched issue body is mentioned prior to processing.
- Command Execution via CLI Tools: The workflow utilizes shell-based commands for issue management and version control.
- Evidence: Steps 2 and 7 use the gh (GitHub CLI) and git tools to perform actions like closing issues or switching branches. While these are standard development practices, they represent a mechanism where input parameters are passed directly to the shell environment.
Audit Metadata