create-pr

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs project-level scripts such as npm test, pytest, go test, and cargo build to perform pre-PR checks. This behavior exposes the agent to arbitrary code execution if the repository being processed contains malicious scripts within its build or test configurations.
  • [REMOTE_CODE_EXECUTION]: By executing tests and builds on potentially untrusted repository code, the skill allows for the execution of untrusted logic in the agent's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it harvests data from git log, git diff, and PR templates to generate pull request content.
    * Ingestion points: The skill reads file content from .github/PULL_REQUEST_TEMPLATE.md and uses output from git log and git diff.
    * Boundary markers: The skill lacks delimiters or protective instructions when interpolating this untrusted data into its prompts.
    * Capability inventory: The skill possesses the Bash tool, allowing it to execute system commands, manage files, and interact with remote platform CLIs.
    * Sanitization: No validation or escaping is performed on the content retrieved from the repository before it is processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:15 PM