The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill implements a command, stax comments, which retrieves and displays Pull Request comments from GitHub. This functionality creates an attack surface for indirect prompt injection, where an external actor could place malicious instructions in a PR comment that the agent might subsequently process.
Ingestion points: SKILL.md and references/commands.md specify the stax comments command for fetching remote PR data.
Boundary markers: The skill does not provide instructions to wrap the comment output in delimiters or treat it as untrusted content.
Capability inventory: The skill has extensive shell execution capabilities via the stax and git binaries across all reference files.
Sanitization: No explicit sanitization or filtering of the PR comment content is documented.
[COMMAND_EXECUTION]: The skill manages complex Git workflows through the stax CLI. It includes a reference to stax shell-setup --install in references/commands.md, which is a utility to modify shell profile configuration files (~/.bashrc, ~/.zshrc) to enable shell integration. While this is a standard developer tool feature, it is a persistence-related operation that modifies system configuration.

stax