engineering-manager

Pass

Audited by Gen Agent Trust Hub on Jun 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/gather.py uses the subprocess.run function with shell=True to execute GitHub CLI (gh) commands. This allows the skill to retrieve repository information, run statuses, and pull request data. This behavior is consistent with the skill's primary purpose as a metrics aggregator.
  • [EXTERNAL_DOWNLOADS]: The dashboard template (templates/dashboard.html) fetches frontend libraries (React, Recharts) from cdn.jsdelivr.net and fonts from Google. These are well-known, trusted services used solely for UI rendering in the browser.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it processes untrusted data (issue titles from Linear/Jira and PR titles from GitHub). Evidence chain:
    1. Ingestion points: scripts/gather.py loads issue/PR JSON;
    2. Boundary markers: absent in scripts, though SKILL.md Step 4 enforces prose structure;
    3. Capability inventory: subprocess calls (gh CLI) and file writing (/tmp/);
    4. Sanitization: scripts/populate.py uses json.dumps() to escape data before injection into the HTML template.
  • [SAFE]: The agent instructions in SKILL.md include explicit security constraints, such as prohibitions against starting local HTTP servers or using automated browser drivers like Playwright, minimizing the skill's local execution risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 1, 2026, 01:59 PM
Security Audit — agent-trust-hub — engineering-manager