datahub-connector-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill proactively mitigates prompt injection by defining 'Content Trust Boundaries'. It instructs the agent to wrap untrusted PR diffs and comments in boundary markers and includes a mandatory trust disclaimer for all sub-agent prompts to ensure external content is treated as data, not instructions.
  • [COMMAND_EXECUTION]: Implements defensive coding in its shell scripts and instructions. It validates the CONNECTOR_NAME and PR_NUMBER variables against strict alphanumeric/digit-only regular expressions (^[a-zA-Z0-9_-]+$ and ^\d+$) before using them in bash commands, effectively preventing shell injection attacks.
  • [DATA_EXFILTRATION]: Repository access is limited to standard operations via git and gh. The skill does not perform unauthorized network requests or exfiltrate sensitive environment data to external endpoints.
  • [EXTERNAL_DOWNLOADS]: The skill references the pr-review-toolkit plugin from an official source (claude-plugins-official). No suspicious or unverified remote script execution patterns (e.g., curl | bash) were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 05:23 AM