self-hosted-runners

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts probe_lume_runner_guest.py and summarize_runner_state.py use subprocess.run to invoke external tools such as gh (GitHub CLI), lume (VM management), and ssh. These calls are made without a shell and are used exclusively to gather status and diagnostic information, as described in the documentation.
  • [PROMPT_INJECTION]: The skill's scripts read and process external data, including GitHub API responses and runner log files. This creates a theoretical surface for indirect prompt injection, but the processed data is used only for reporting and triage by a human operator, and no security-sensitive automated decisions are derived from this untrusted input.
  • [SAFE]: No indicators of malicious obfuscation, credential harvesting, unauthorized network exfiltration, or persistence mechanisms were found. The skill operates as a legitimate administrative utility for DevOps workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 10:56 AM
Security Audit — agent-trust-hub — self-hosted-runners