The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interpolates user-supplied input from $ARGUMENTS (PR numbers or URLs) directly into shell commands, such as gh pr view <PR_NUMBER>. While the instructions tell the agent to parse the input first, a lack of strict validation could allow for command injection if an attacker provides malicious input segments.- [DATA_EXFILTRATION]: To function, the skill requests dangerouslyDisableSandbox: true. This allows the gh and bk CLI tools to communicate with external APIs (GitHub and Buildkite). This network access is intended for fetching PR and build data but represents an increased risk profile if unauthorized commands are executed.- [EXTERNAL_DOWNLOADS]: Fetches build annotations and logs from Buildkite's infrastructure using the bk CLI tool. These operations are essential for the skill's primary purpose and target well-known developer services.

debug-ci