github-pr-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to collect local git status, repository metadata, and pull request content, which is then sent to GitHub's servers via the gh CLI. While this is the intended functionality for performing code reviews, it involves the transmission of potentially sensitive repository details to an external service.
  • [COMMAND_EXECUTION]: The skill relies on the execution of local shell scripts (collect_pr_context.sh, post_review.sh) and system binaries including gh and git. These scripts perform file system operations and network requests to facilitate the review workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub pull requests (such as titles, bodies, and code comments) and incorporates them into the agent's context. This could be used by an attacker to influence the agent's behavior during the review process.
      • Ingestion points: Pull request metadata and diffs are fetched in scripts/collect_pr_context.sh using the gh pr view and gh pr diff commands.
      • Boundary markers: No explicit delimiters or boundary markers are used to isolate untrusted PR content from the agent's primary instructions.
      • Capability inventory: The skill allows the agent to execute shell commands (e.g., for running project tests) and perform network operations via the GitHub API (e.g., posting review comments).
      • Sanitization: The skill does not perform sanitization or validation of the PR content before processing it for review findings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:29 AM