The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Personal Access Tokens (PAT) for Azure DevOps are interpolated directly into LLM subagent prompts (e.g., the {PAT} variable in references/stage-prompts.md). This practice exposes sensitive credentials to the AI model provider's infrastructure and intermediate logging systems.
[DATA_EXFILTRATION]: The skill is designed to transmit sensitive authentication tokens (PAT) to an external LLM service via prompt interpolation. While intended for functional API access, this constitutes the exfiltration of credentials from the local environment to a third-party service provider.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8). (1) Ingestion points: The subagents read and process untrusted code diffs and CI logs (via gh run view, az pipelines logs, etc.). (2) Boundary markers: None; external data is interpolated into prompts without delimiters. (3) Capability inventory: Subagents possess the ability to execute shell commands and modify source files. (4) Sanitization: No sanitization or validation of the processed data is performed before interpolation.
[COMMAND_EXECUTION]: The skill orchestrates complex workflows using powerful CLI tools (git, gh, az) and bash scripts. This high degree of automation, combined with LLM-generated commands and potential prompt injection, creates a significant risk of unauthorized command execution.

ship