fetching-circleci-logs

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses the sensitive file path ~/.circleci/cli.yml to extract a CircleCI API token for authentication.
  • [COMMAND_EXECUTION]: Executes an inline Python script via python3 -c to process API responses and dynamically fetch log content.
  • [EXTERNAL_DOWNLOADS]: Performs network requests to circleci.com and retrieves log files from pre-signed S3 URLs (output_url) provided by the API.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from CircleCI logs and displays them to the agent.
      • Ingestion points: Data fetched from external output_url links in SKILL.md.
      • Boundary markers: None identified; log content is processed without delimiters or warnings to ignore embedded instructions.
      • Capability inventory: File system access (grep), network operations (curl, urllib.request), and dynamic code execution (python3) are available in SKILL.md.
      • Sanitization: None; while log messages are truncated to 2000 characters, they are not sanitized or filtered for malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 03:21 PM