apm-triage-panel

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • Untrusted Data Ingestion: The skill is designed to process external issue content (titles and bodies) from the microsoft/apm repository. This content is untrusted because it originates from users and could contain instructions aimed at influencing the agent's behavior (Indirect Prompt Injection).
  • Ingestion Points: Data is retrieved via gh issue view as specified in the execution checklist.
  • Boundary Markers: The instructions do not currently define explicit delimiters (e.g., XML tags or unique markers) to separate issue content from the agent's internal reasoning instructions.
  • Capability Inventory: The agent has access to gh api, gh issue view, and safe-outputs.add-comment. These are restricted to the repository scope.
  • Sanitization: No explicit sanitization or filtering of issue text is mentioned.
  • Defensive Multi-Persona Architecture: The skill uses a sequential reasoning model (specialist lenses and a CEO arbiter). This approach naturally incorporates multiple validation steps and quality gates, which serve as an effective defense-in-depth mechanism against simple adversarial inputs.
  • Standard Tool Usage: The skill uses the official GitHub CLI (gh) for repository management tasks, which is standard practice for this type of automation and adheres to expected security boundaries for the vendor.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 11:11 AM