The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes dynamic context injection in the SKILL.md file (using the exclamation mark and backticks syntax) to execute benign git commands such as git status and git rev-parse at load time. These are used solely for gathering repository state. Additionally, the skill executes git, gh (GitHub CLI), and a local Python script for branch management and PR creation. All subprocess executions follow safe patterns by using argument lists rather than shell strings.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it aggregates untrusted repository data to construct pull request descriptions.
Ingestion points: Commit messages and diff statistics are retrieved via git log and git diff within scripts/format-pr-body.py.
Boundary markers: The generated PR description concatenates these messages without isolation delimiters or instructions for the agent to ignore embedded commands.
Capability inventory: The skill possesses capabilities to push code to remote origins and create pull requests on GitHub.
Sanitization: There is no evidence of filtering, sanitization, or validation of the commit history content before it is included in the PR body.

push-pr