The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It retrieves untrusted content from GitHub issues using the gh issue view command as seen in references/fix-phases.md. This content is directly interpolated into the prompts for specialized sub-agents (e.g., debug-investigator, backend-system-architect) in references/agent-teams-rca.md and references/fix-phases.md. These agents have access to Bash, Write, and Edit tools. No boundary markers or sanitization procedures are implemented to prevent malicious instructions embedded in issue descriptions from being executed.
[COMMAND_EXECUTION]: The skill implements a persistence mechanism via scheduled tasks. In SKILL.md, it utilizes the CronCreate tool to periodically run the gh pr checks command to monitor pull request status. While serving a legitimate automation purpose, this establishes recurring shell command execution in the background.
[REMOTE_CODE_EXECUTION]: A hook configuration in SKILL.md defines a PreToolUse trigger that executes a local script (run-hook.mjs) whenever the Read tool is invoked. This enables automated execution of JavaScript code during routine file read operations.
[EXTERNAL_DOWNLOADS]: The documentation in SKILL.md recommends that the user globally install the portless package via npm to facilitate service discovery and visual debugging. This involves downloading and installing third-party software from an external registry.

fix-issue