wp-github-actions

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because its core logic involves reading and interpreting data from files in the user's repository to determine which workflows to generate.
      • Ingestion points: The skill reads files such as composer.json, package.json, and readme.txt from the user's plugin directory to identify development tooling and compatibility requirements.
      • Boundary markers: No specific instructions are provided to the agent to treat the content of these files as untrusted data or to disregard any natural language instructions that might be embedded within them (e.g., in a malicious README file).
      • Capability inventory: The agent has the capability to generate and write multiple YAML workflow files into the .github/workflows/ directory, which is a sensitive location for repository automation.
      • Sanitization: The skill does not instruct the agent to perform validation or escaping of the data parsed from repository files before using it in recommendations or file creation.
  • [EXTERNAL_DOWNLOADS]: The generated GitHub Actions templates utilize several third-party actions from well-known organizations and reputable community maintainers.
      • Evidence: Templates reference actions such as 10up/wpcs-action, shivammathur/setup-php, WordPress/action-wp-playground-pr-preview, and 10up/action-wordpress-plugin-deploy. These references are standard for the WordPress development ecosystem and follow best practices by managing credentials through GitHub Secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 06:30 AM