iterate-from-user
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from scientific articles and GitHub issues, creating an attack surface for indirect prompt injection (Category 8).
  - Ingestion points: Uses the WebFetch tool for external URLs and the gh issue view command for GitHub content.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the fetched external content.
  - Capability inventory: The generated Proposal block is consumed by the iterate-ml-experiment skill, which possesses file-writing capabilities (journal/NN_*.md).
  - Sanitization: No explicit sanitization or filtering of the external content is mentioned.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to interact with remote repositories.
  - Patterns: Executes gh auth status, gh issue view, and gh api to retrieve task descriptions and discussion comments.
  - Context: These operations are central to the skill's purpose of sourcing experiment ideas from GitHub issues.
- [EXTERNAL_DOWNLOADS]: The skill fetches external content from arbitrary URLs using the WebFetch tool.
  - Context: Used to read scientific papers, blog posts, or library documentation to inform the experiment proposal.
- [DATA_EXFILTRATION]: The skill performs network operations to non-whitelisted domains via WebFetch and possesses local file access via the Read tool.
  - Risk: While intended for legitimate research, the combination of file-reading and network-fetching tools represents a theoretical path for summarizing and sending sensitive local data.
  - Mitigation: This risk is significantly mitigated by the mandatory 'Confirm before returning' gate, which requires a human user to explicitly approve the agent's synthesis and method outline before any proposal is finalized.
Audit Metadata