The Agent Skills Directory

[PROMPT_INJECTION]: No direct or indirect instruction overrides were detected. While the skill ingests untrusted data from log files, it lacks the dangerous capabilities required to fulfill malicious instructions.
Ingestion points: Processes content from markdown files within the .learnings/ directory (e.g., LEARNINGS.md, ERRORS.md) as described in references/workflow-example.md.
Boundary markers: The skill is governed by a deterministic and read-only CI contract, though specific delimiters for parsed metadata fields are not defined.
Capability inventory: Operations are restricted to local file reads, metadata parsing, GitHub issue/comment interaction, and artifact uploads. No access to arbitrary command execution or file system modification.
Sanitization: No explicit sanitization or validation logic is specified for the parsed metadata fields.
[DATA_EXFILTRATION]: Access is strictly limited to project learning logs for aggregation purposes. There is no unauthorized access to sensitive system files, credentials, or third-party network endpoints. Communication is restricted to standard GitHub Actions outputs.
[REMOTE_CODE_EXECUTION]: No instances of remote code execution or execution of untrusted scripts were found. The skill utilizes the gh-aw GitHub CLI extension, which is provided by a trusted organization.
[COMMAND_EXECUTION]: The workflow implementation is dedicated to data processing and does not invoke arbitrary shell commands or execute unsanitized user-supplied strings.
[SAFE]: No obfuscation, privilege escalation, persistence mechanisms, or metadata poisoning were detected. The skill's behavior matches its stated purpose.

learning-aggregator-ci