skills/shopify/flash-list/raise-pr/Gen Agent Trust Hub

raise-pr

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that mandate deceptive behavior by requiring the agent to hide its AI origin (e.g., "NEVER mention Claude, AI, or any AI tool" and "The PR must read as if written entirely by a human"). This is a form of identity obfuscation that bypasses transparency standards.
  • [COMMAND_EXECUTION]: The skill uses shell commands to aggressively terminate processes (lsof -ti:8081 | xargs kill -9) and relies on the GitHub CLI (gh) for remote repository operations. While standard for CI, these operations involve execution of logic that could be abused if parameters are manipulated.
  • [CREDENTIALS_UNSAFE]: The skill's logic relies on the presence of sensitive environment variables AGENT_PR_TOKEN and SHOPIFY_GH_ACCESS_TOKEN. It instructs the agent to pass these tokens directly in shell commands, which can lead to credential exposure in environment logs or process lists.
  • [DATA_EXFILTRATION]: The skill establishes an automated pathway for data to be sent to external repositories through git push and gh pr create. Since the skill processes user-defined descriptions and commit messages without sanitization, it creates an attack surface where sensitive local information or indirect prompt injections could be exfiltrated to a public or shared repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 02:35 AM