resolve-pr-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard `gh` (GitHub CLI) and `git` commands for pulling PR data, committing fixes, and pushing changes. These operations are scoped to the project and PR context provided by the user.
- [EXTERNAL_DOWNLOADS]: The skill references internal scripts located within its own package (e.g., `scripts/get-pr-comments`) to perform complex GraphQL queries. There are no downloads from untrusted third-party sources.
- [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. Network operations are restricted to official GitHub API endpoints via the `gh` tool to perform PR management tasks.
- [PRIVILEGE_ESCALATION]: The skill does not request elevated privileges. It uses the user's existing `gh` and `git` credentials to interact with repositories they already have access to.
- [INDIRECT_PROMPT_INJECTION]: The skill processes PR comments, which are untrusted data. However, it uses a multi-agent 'compound-engineering' architecture where individual agents handle specific threads, and the parent skill enforces a strict verification loop and a manual 'needs-human' escalation path for ambiguous or conflicting feedback, mitigating the risk of instructions embedded in comments overriding the agent's core logic.
Audit Metadata