The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external issue trackers which is used as instructions for code implementation and project modification.
Ingestion points: Step 2 in SKILL.md fetches the full body and all comments from GitHub, GitLab, Jira, or Linear issues.
Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested tracker data.
Capability inventory: The skill can perform file writes, modify project configuration (Step 11), and execute arbitrary shell commands for build and test validation (Step 12).
Sanitization: No specific sanitization or validation is applied to the ingested issue data before processing.
[DYNAMIC_EXECUTION]: The skill dynamically locates and executes scripts within the platform's plugin environment.
Evidence: The scripts/resolve-codex.py script searches for codex-companion.mjs within the local .claude/plugins/ directory and executes it using subprocess.run() to provide code review functionality.
[COMMAND_EXECUTION]: The skill executes build and test commands defined by the target repository.
Evidence: SKILL.md Step 12 instructs the agent to run the repository's standard pre-commit checks, which are arbitrary commands determined by the repository's own configuration and guides.
[EXTERNAL_DOWNLOADS]: The skill communicates with well-known issue tracking platforms to retrieve task metadata.
Evidence: Fetches data from GitHub, GitLab, Jira, and Linear via their respective official REST APIs or CLI tools as part of its core functionality.

forge