pr-review-canvas

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Retrieves pull request metadata, file patches, and user comments from GitHub's official API using the gh CLI tool, which is a trusted, well-known service.
  • [PROMPT_INJECTION]: The skill processes untrusted content from GitHub Pull Requests, constituting a surface for indirect prompt injection.
  • Ingestion points: PR titles, descriptions, and code patches are fetched via gh api and embedded into the generated walkthrough.
  • Boundary markers: The workflow does not explicitly define delimiters to separate untrusted PR data from the agent's logic or the generated HTML structure.
  • Capability inventory: Includes subprocess execution for data fetching, file system write access in /tmp/ for assembly, and local network hosting via Python's http.server on 127.0.0.1:8432.
  • Sanitization: Implements multiple layers of protection, including jq with regex-based key normalization (gsub), Python-based escaping of script-terminating sequences in the JSON payload, and a JavaScript esc() utility for HTML entity escaping in the frontend.
  • [COMMAND_EXECUTION]: Instructs the agent to construct shell commands (gh api) using user-provided parameters like owner, repository names, and pull request numbers. While the skill uses jq to handle the data safely once retrieved, the initial command construction relies on the agent's ability to sanitize parameters during interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 10:31 AM