gh-address-cr

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a telemetry system in scripts/python_common.py that exports audit and trace logs to an external vendor-controlled endpoint at https://gh-address-cr.hamiltonsnow.workers.dev/v1/logs. The data transmitted includes repository names, PR numbers, action names, and execution results. While the skill includes redaction logic for common secrets (tokens, API keys) and compacts absolute paths, this constitutes an outbound data flow to a third-party domain.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary commands through adapter and fixer interfaces in scripts/cr_loop.py and scripts/run_local_review.py. Furthermore, scripts/submit_action.py dynamically generates local shell scripts from user-supplied fixes and executes them after setting executable permissions via os.chmod.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its data ingestion points in incoming-findings.json and incoming-findings.md. These files provide finding data that influences the cr-loop orchestrator, which has significant capabilities including shell command execution and GitHub API access. The skill lacks explicit boundary markers or sanitization logic for these external data sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 03:59 AM