daily-report
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to process untrusted data from GitHub issue bodies to identify production URLs for verification.
- Ingestion points: Section 0 ('P0/P1 Verification Protocol') specifies that production URLs should be extracted from the body of GitHub issues.
- Boundary markers: No delimiters, markers, or safety instructions are provided to separate the extracted URL from potential malicious content in the issue body.
- Capability inventory: The agent is authorized to use the Bash tool, curl for network requests, and the gh CLI for issue interactions.
- Sanitization: The skill lacks any instructions for validating or sanitizing the extracted $PROD_URL variable before it is used in a shell script.
- [DYNAMIC_EXECUTION]: The skill generates shell commands at runtime by interpolating variables sourced from external, untrusted data into script templates.
- Evidence: The verification protocol defines the following bash snippet: STATUS=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$PROD_URL").
- Risk: If the agent fills the template by pasting the extracted text into the command line, rather than assigning it to the variable without re-parsing, shell metacharacters in the issue body (backticks, semicolons, $(...) command substitutions) are evaluated when the curl check runs, and the issue author gains command execution on the agent host. The double quotes around "$PROD_URL" only protect a value that is already held in the variable; they do nothing if the text is substituted into the script source itself. Even a syntactically harmless value still directs the agent's network request wherever the issue author chooses, so the URL should be validated (scheme, allowlisted host, restricted character set) before it is used.
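The interpolation failure described above, reproduced offline, beside a hardened extract/validate/probe path. This is an added example, not code from the daily-report skill or from this audit; the issue body and the host allowlist are constructed, and extract_prod_url, validate_prod_url and probe_prod_url are names chosen here.

```sh
#!/usr/bin/env bash
# Added example, not code from the daily-report skill or from its audit.
# It reproduces the audit's concern (an issue-body "URL" spliced into a shell
# template) and shows a hardened extract -> validate -> probe path. The issue
# body and the host allowlist below are constructed for this example.
set -eu

# Constructed, attacker-controlled issue body. The "URL" token carries a
# backtick command substitution; ${IFS} stands in for a space so the payload
# survives whitespace-bounded extraction.
SAMPLE_ISSUE_BODY='Prod is down!
Production URL: https://app.example.com/health`echo${IFS}INJECTED>&2`
(see also http://staging.example.net/ for context, not production)'

# Hosts the skill may probe (assumption: this would come from skill config).
PROD_HOST_ALLOWLIST="app.example.com api.example.com"

# Take the first http(s) token after a "URL:" label. The value is only ever
# held in a variable; nothing here feeds it to a shell parser.
extract_prod_url() {
  printf '%s\n' "$1" \
    | sed -n 's#.*[Uu][Rr][Ll]:[[:space:]]*\(https\{0,1\}://[^[:space:]]*\).*#\1#p' \
    | head -n 1
}

# UNSAFE, kept only to reproduce the finding: the raw value is spliced into a
# script template as shell source, so the shell runs the backticks before any
# probe sees a URL. printf stands in for curl so this runs offline and does no
# harm; the pattern itself is the problem.
unsafe_interpolate_and_run() {
  template="STATUS=\$(printf '%s' $1); printf '%s' \"\$STATUS\""
  sh -c "$template" 2>&1
}

# Validate before use: https only, host on the allowlist, and nothing outside a
# conservative URL alphabet (which excludes ` $ ; | & quotes and whitespace).
validate_prod_url() {
  local url host allowed
  url=$1
  case $url in *[![:print:]]*) return 1 ;; esac   # newlines, tabs, controls
  printf '%s\n' "$url" \
    | grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~/%?=&-]*)?$' \
    || return 1
  host=${url#https://}; host=${host%%/*}; host=${host%%:*}
  for allowed in $PROD_HOST_ALLOWLIST; do
    if [ "$host" = "$allowed" ]; then return 0; fi
  done
  return 1
}

# Hardened probe: validate first, then call curl with the value quoted,
# URL globbing off (-g), https enforced (--proto =https), and "--" so a value
# starting with "-" cannot become a curl option. Prints the HTTP status code.
probe_prod_url() {
  local url
  url=$1
  if ! validate_prod_url "$url"; then
    printf 'refusing to probe untrusted value: %s\n' "$url" >&2
    return 2
  fi
  curl -s -o /dev/null -w '%{http_code}' -g --proto '=https' --max-time 10 -- "$url"
}

# Walk the constructed body through both paths (curl is never reached here,
# because the extracted value fails validation).
url=$(extract_prod_url "$SAMPLE_ISSUE_BODY")
printf 'extracted: %s\n' "$url"
printf 'unsafe template output:\n%s\n' "$(unsafe_interpolate_and_run "$url")"
probe_prod_url "$url" || printf 'probe exit status: %s\n' "$?"
```

In the real skill the body would come from the gh CLI, e.g. `gh issue view <number> --json body --jq .body`, assigned to a variable exactly as extract_prod_url does, never echoed into a command string. The -g, --proto and -- options are curl's own; they keep a validated URL from being globbed, downgraded to another scheme, or read as a flag.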
Audit Metadata