The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed to ingest and process data from external, untrusted sources including pull request comments, review summaries, and CI logs. This creates an attack surface for indirect prompt injection where an adversary could embed instructions in a comment to manipulate the agent's triage logic or action plan.
Ingestion points: Pull request content and logs retrieved via gh pr view, gh api, and gh run view in SKILL.md.
Boundary markers: The skill does not employ specific delimiters or system-level instructions to differentiate between its own logic and the content of the data being triaged.
Capability inventory: The skill utilizes the gh CLI for read-only data retrieval and standard shell utilities (tail) for log processing; it explicitly restricts the agent from performing write operations, code modifications, or CI interactions.
Sanitization: No explicit sanitization or validation of the retrieved external content is performed before the agent processes and summarizes it.

pr-feedback