The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on shell commands including git, gh, jq, and awk for its core functionality. It implements robust security measures to prevent injection, such as validating that PR numbers are positive integers and using heredocs with quoted delimiters to pass generated content to the GitHub CLI. These patterns effectively isolate data from execution context.
[PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection. 1. Ingestion points: Untrusted data enters the agent context via git log, git diff, and git show (SKILL.md lines 142-170, analyze-pr.sh lines 100-140). 2. Boundary markers: Absent; repository data is processed directly without delimiters. 3. Capability inventory: The skill possesses the capability to modify PR metadata using gh pr edit (SKILL.md line 330). 4. Sanitization: The skill does not programmatically sanitize repository data but includes a mandatory 'Quality Verification Checklist' to encourage human review of generated summaries, mitigating the risk of executing embedded instructions found in commits or code.

PR Title and Description Generator