cure
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk. The skill processes findings from external reports, CI logs, and user-provided lists to determine code modifications.
  1. Ingestion points: The skill reads report files in .cheese/age/, CI failure summaries, and manually pasted findings lists.
  2. Boundary markers: While the skill mentions a structured handoff context from previous steps, it lacks robust delimiters to prevent embedded instructions within findings from being interpreted as authoritative.
  3. Capability inventory: The skill uses cheez-write for local file system edits and /gh to push updates to remote branches.
  4. Sanitization: There is no explicit mechanism for sanitizing or validating the content of external findings before they are used to generate code changes.
- [COMMAND_EXECUTION]: The skill executes project-specific commands for testing, linting, and building. This capability involves running scripts defined within the repository, which can lead to the execution of arbitrary local code.
- [DATA_EXFILTRATION]: The skill utilizes the GitHub CLI (gh) to commit and push changes to remote repositories. This network operation is consistent with its stated purpose of managing pull requests on a well-known service.