krt-ci-questor
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill is designed to access and analyze CI/CD configuration files (such as `.github/workflows/`, `.gitlab-ci.yml`, and `Jenkinsfile`s) and job logs. These files are inherently sensitive as they define the build environment and may contain infrastructure details. However, the instructions include proactive requirements to preserve secret hygiene, specifically prohibiting the printing of tokens, credentials, masked values, or full environment dumps.
- [COMMAND_EXECUTION]: The skill utilizes standard, well-known command-line interfaces (`gh`, `glab`, `circleci`, and Jenkins CLI) to interact with CI providers and retrieve run metadata and logs. This is necessary for its primary function and follows standard developer workflows.
- [INDIRECT_PROMPT_INJECTION]: The agent processes untrusted external data in the form of CI job logs, annotations, and test reports which could potentially contain malicious instructions from an attacker-controlled codebase or pull request.
  - Ingestion points: `SKILL.md` (Step 2: Gather Evidence) and `investigation-playbook.md` describe fetching logs and artifacts via `gh run download` or log-viewing commands.
  - Boundary markers: The skill does not define specific delimiters (like XML tags) to wrap the ingested logs, though it does instruct the agent to ignore "noisy" content.
  - Capability inventory: The skill possesses the ability to read the file system, execute provider CLIs, and potentially access the network through those CLIs.
  - Sanitization: No programmatic sanitization is implemented; however, the skill provides clear behavioral constraints to avoid echoing sensitive data and to prefer specific error lines over raw log dumps.
Audit Metadata