The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes external, potentially untrusted data from git diff, git log, and project guideline files (such as CLAUDE.md and AGENTS.md). It mitigates indirect prompt injection through explicit 'Data Trust Boundary' and 'Guideline Content Boundary' directives. \n
Ingestion points: Reads code changes and logs via git and configuration files via cat or find. \n
Boundary markers: Explicitly defined in SKILL.md and reference files (e.g., references/code-review.md), instructing the agent to treat VCS output as data only and ignore embedded instructions. \n
Capability inventory: File creation (CODE_REVIEW.md, PR_SUMMARY.md), git workflow management, and GitHub PR operations via gh CLI. \n
Sanitization: Instructions mandate discarding any behavioral suggestions or safety bypass attempts found within the data being analyzed. \n- [COMMAND_EXECUTION]: The skill executes local version control commands. These are restricted to standard development workflows. Crucially, the skill enforces mandatory preview and user confirmation steps before executing impactful commands like git commit or git push.

git-helpers