The Agent Skills Directory

[SAFE]: No malicious patterns, hardcoded credentials, or unauthorized network operations were found within the skill instructions. The skill utilizes standard tools and follows security best practices by requiring human approval before executing changes.
[PROMPT_INJECTION]: The skill possesses a surface area for indirect prompt injection due to its core function of ingesting and processing untrusted external data. (1) Ingestion points: The workflow reads application logs, database state, git commit history, and GitHub PR comments. (2) Boundary markers: Data is encapsulated within structured YAML and markdown blocks in the prompts passed to sub-agents, providing basic structural separation. (3) Capability inventory: The skill and its sub-agents have the ability to execute shell commands (Bash), read and modify files (Read, Write, Edit), and spawn additional tasks (Task). (4) Sanitization: There is no automated sanitization of ingested content; however, the risk is mitigated by multiple mandatory human checkpoints (AskUserQuestion) where the user must verify the diagnosis, the proposed fix, and the final implementation.

fix