github-repo-monitor

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted data from GitHub comments and incorporating it into the initial prompt for an OpenHands conversation.
  • Ingestion points: The scripts/main.py script polls for new comments via the GitHub API endpoints /repos/{owner}/{repo}/issues/comments and /repos/{owner}/{repo}/pulls/comments.
  • Boundary markers: The script uses triple-dash (---) delimiters in the _build_initial_prompt function to isolate the external comment body from other prompt context.
  • Capability inventory: The automation spawns agents with the terminal and file_editor tools, providing shell and file system access if the agent is manipulated by injected instructions.
  • Sanitization: No sanitization, escaping, or filtering of the GitHub comment body is performed before it is interpolated into the agent prompt.
  • [COMMAND_EXECUTION]: The setup instructions in SKILL.md guide the user to execute shell commands for token verification and packaging the automation script. These operations are within the expected scope of the skill's setup workflow.
  • [SAFE]: The skill interacts with GitHub's official API (api.github.com), which is a well-known and trusted service. It also uses the platform's native secret management (get_secret) to handle sensitive credentials securely.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 08:21 AM