reproduce-bug-report

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted content from external bug reports (GitHub, Linear, etc.). An attacker could craft a malicious bug report containing instructions to divert the agent from its primary task.
      • Ingestion points: The skill ingests 'Bug report context' and 'Assigned repro path or hypothesis' directly from external issue bodies and comments.
      • Boundary markers: There are no explicit boundary delimiters or 'ignore embedded instructions' warnings around the untrusted data; the skill uses placeholders like ''.
      • Capability inventory: The skill uses run_agents with remote.computer_use_enabled: true, allowing remote shell access, file system writes (screenshots/logs), and application installation.
      • Sanitization: No sanitization or validation of the ingested bug report content is specified before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes commands in a remote environment via 'Oz cloud agents' with computer use enabled to interact with applications and capture screenshots. This is a primary intended function of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install application artifacts (versions, builds, or channels) to replicate the reporter's environment. The instructions include a preference for 'repository-approved' artifacts, which mitigates risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 09:01 PM
Security Audit — agent-trust-hub — reproduce-bug-report