The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows security best practices for handling untrusted data and managing development workflows.
[PROMPT_INJECTION]: The skill demonstrates high security awareness regarding indirect prompt injection. It includes a 'Data Trust Boundary' in references/code-review.md and references/commit.md, and a 'Guideline Content Boundary' in references/guidelines-audit.md. These boundaries instruct the agent to treat git output and guideline files strictly as data and to ignore any embedded instructions or behavioral modifications.
Ingestion points: Reads untrusted content from git diff, git log, CLAUDE.md, AGENTS.md, and CONTRIBUTING.md.
Boundary markers: Explicitly defines 'Data Trust Boundary' and 'Guideline Content Boundary' sections with specific instructions to ignore embedded directives.
Capability inventory: Uses git (add, commit, push, rebase, merge), gh (PR creation, merging, commenting), and filesystem writes (CODE_REVIEW.md, PR_SUMMARY.md).
Sanitization: Instructs the agent to discard any directives found in VCS output and to scope guidelines strictly to coding standards and project conventions.
[COMMAND_EXECUTION]: The skill uses standard development tools including git and the GitHub CLI (gh). Commands are used in a controlled manner, requiring user confirmation before significant actions like committing, pushing, or merging. The skill also prefers safer operations such as --force-with-lease for force pushes.

git-helpers