github-workflow-auto-fix

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection to execute the gh secret list and find commands during initialization, in order to verify the repository state and configuration prerequisites.
  • [PROMPT_INJECTION]: The generated GitHub Action establishes a surface for indirect prompt injection by reading untrusted data into an LLM context.
      • Ingestion points: The workflow generated in SKILL.md reads logs from failed CI runs using gh run view --log-failed and feeds them to an LLM.
      • Boundary markers: The template uses a placeholder <analysis-and-fix-prompt> which lacks explicit delimiters to separate logs from instructions.
      • Capability inventory: The action is granted contents: write, pull-requests: write, and issues: write permissions, enabling automated code commits or issue creation based on LLM output.
      • Sanitization: No sanitization or filtering of the build logs is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill configures a workflow that downloads and executes the anthropics/claude-code-action@v1 and actions/checkout@v4 actions. Both originate from trusted or well-known organizations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 08:48 AM