create-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [General] (SAFE): Analysis of the skill reveals only standard version control operations and GitHub CLI usage. There are no attempts to exfiltrate data, bypass security controls, or execute arbitrary remote code.
- [Indirect Prompt Injection] (LOW):
  1. Ingestion points: git log and git diff output in SKILL.md.
  2. Boundary markers: Shell heredoc delimiters (EOF) used in the gh pr create command.
  3. Capability inventory: Subprocess execution of git and gh.
  4. Sanitization: No explicit sanitization of git output before inclusion in PR body.

  This surface is inherent to the primary purpose of creating PR descriptions from code changes and is considered safe in this context.