skills/withastro/astro/triage/Gen Agent Trust Hub

triage

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes code from arbitrary URLs provided in GitHub bug reports. As seen in reproduce.md, it utilizes npx stackblitz-clone and git clone to acquire external projects. These projects are subsequently executed via pnpm install and pnpm run, which allows for arbitrary code execution from untrusted sources.
  • [EXTERNAL_DOWNLOADS]: The skill fetches projects and data from external platforms like GitHub, StackBlitz, and GitHub Gists based on URLs found in issue reports.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands (pnpm, git, npx) to manage reproduction environments and build components of the Astro monorepo.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from GitHub issues and external repositories. An attacker could craft a bug report with a malicious reproduction project designed to exfiltrate data or execute unauthorized commands.
      • Ingestion points: GitHub issueDetails and repository content in reproduce.md.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are used to separate untrusted data from the agent's logic during the reproduction phase.
      • Capability inventory: Shell command execution (pnpm, git), file system modification, and network access.
      • Sanitization: No sanitization or safety checks are performed on the downloaded code before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 03:39 PM