ci-debug-workflow

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a network connectivity check to a well-known service.
      • Evidence: references/ci-patterns.md suggests using curl -I https://registry.npmjs.org for network diagnostics.
      • Context: This targets the official npm registry, which is a well-known technology service, for standard diagnostic purposes.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of common developer tools for testing and reproduction.
      • Evidence: SKILL.md and references/docker-debug.md include instructions for npm ci, npm test, docker build, and docker run.
      • Context: These commands are necessary for the skill's functional goal of reproducing CI/CD environment failures locally.
  • [DATA_EXFILTRATION]: The skill suggests commands that display environment configuration which may include sensitive data.
      • Evidence: references/ci-patterns.md contains the command env | sort to view the CI environment state.
      • Detail: While useful for identifying missing configuration, this command exposes all environment variables to the agent's context. In CI environments, these often contain secrets like API keys or tokens.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection.
      • Ingestion points: references/bug-thread-extraction.md directs the agent to ingest content from GitHub issues and CI logs to extract reproduction steps.
      • Boundary markers: The skill does not define explicit delimiters or instructions to treat the ingested data as untrusted content.
      • Capability inventory: The agent is granted shell execution capabilities (via npm and docker) to follow the extracted reproduction steps.
      • Sanitization: No sanitization or validation of the extracted instructions is implemented, meaning a maliciously crafted bug report could attempt to trick the agent into executing unintended commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 09:59 PM