mcore-create-issue

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the gh (GitHub CLI) tool to interact with the NVIDIA/Megatron-LM repository. It executes commands to view runs, fetch logs, retrieve PR metadata, search for existing issues, and create new issues. While these actions are confined to a specific repository, the skill is designed to automate these tasks, including user assignment, which may occur without specific human review for each operation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its processing of untrusted external data.
      • Ingestion points: Untrusted content enters the agent's context when it fetches raw logs from GitHub Actions (gh api repos/NVIDIA/Megatron-LM/actions/jobs/<job_id>/logs) and metadata from pull requests.
      • Boundary markers: The skill instructions recommend wrapping the extracted root cause in markdown code blocks within the final issue body. However, there are no instructions or delimiters provided to the agent to ignore potentially malicious instructions embedded within the logs during the initial analysis and triage phase.
      • Capability inventory: The agent has the capability to execute shell commands (gh CLI), which includes the ability to create and modify GitHub issues.
      • Sanitization: Beyond limiting the error log snippet to approximately 30 lines in the final output, there is no validation or filtering performed on the content retrieved from the logs to prevent the agent from being influenced by adversarial text embedded in the build output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 30, 2026, 01:38 AM
Security Audit — agent-trust-hub — mcore-create-issue