Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh command-line tool to perform repository operations such as gh pr view to identify the current PR and gh api to fetch comments and post replies. These actions are standard for interacting with the GitHub platform within a developer workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted input from external collaborators (human or bot PR comments), which constitutes an indirect prompt injection surface.
    1. Ingestion points: Comments and reviews fetched via gh api in SKILL.md.
    2. Boundary markers: Absent; the skill does not use specific delimiters to isolate external comment text from its internal logic.
    3. Capability inventory: The skill can modify project files using the Edit tool and write to the network (GitHub API) via the gh CLI.
    4. Sanitization: No filtering or sanitization of external comment content is performed. However, the requirement for explicit user approval for every code edit and reply significantly reduces the likelihood of automated exploitation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 08:37 AM