fix-pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves PR review comments from external sources like GitHub APIs or local files in Phase 2 and passes them to a subagent in Phase 3.
      • Ingestion points: GitHub GraphQL API, REST API, and local markdown files.
      • Boundary markers: The subagent prompt lacks robust delimiters around untrusted comment bodies.
      • Capability inventory: The agent has access to Read, Grep, Bash, Edit, and Write tools which can modify the repository.
      • Sanitization: No sanitization of comment content is performed before interpolation into subagent instructions.
  • [COMMAND_EXECUTION]: The skill performs various shell operations through the Bash tool and local scripts. Evidence: Uses the gh CLI for GitHub operations, git for source control tasks, and development tools like tsc and turbo for type-checking during the fix validation phase.
  • [DATA_EXFILTRATION]: The skill accesses repository-specific data to perform its functions. Evidence: It fetches PR metadata, code diffs, and review comments via GitHub APIs. While required for functionality, this involves processing external and potentially sensitive repository data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 09:14 PM