contract-maturity-issue-writer

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or exfiltration attempts were detected in the skill instructions.
  • [COMMAND_EXECUTION]: The skill uses the standard gh (GitHub CLI) tool to manage repository issues. Execution is explicitly restricted to a 'Publish mode' that requires user approval after a draft review, which prevents unauthorized automated writes.
  • [EXTERNAL_DOWNLOADS]: The workflow references the installation of a prerequisite skill (code-maturity-assessor) via a skill-installer utility. The instructions specifically point to a framework established by Trail of Bits, a well-known and reputable security research firm.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted code from external repositories to generate issue descriptions.
      • Ingestion points: Solidity and protocol repository files (SKILL.md).
      • Boundary markers: None specified for the ingested code blocks.
      • Capability inventory: gh issue create, gh issue edit, and skill-installer across the workflow.
      • Sanitization: No explicit sanitization of input data is described; however, the 'Draft first' requirement and mandatory human approval prior to publication serve as robust mitigations against potential injection attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:06 PM