The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands to interact with the local git repository and GitHub via the gh CLI.
Evidence: Uses git push -u origin <branch> to push code to the remote repository.
Evidence: Uses gh pr create and gh pr edit to create or update pull request metadata and descriptions.
Evidence: Executes gh pr diff, gh pr view, and git diff to gather context from the environment.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it synthesizes descriptions based on untrusted external data.
Ingestion points: The skill reads content from local repository files, specifically SPEC.md, changed source code files, and existing pull request descriptions fetched via gh pr view.
Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are used when processing the contents of the spec or code diffs.
Capability inventory: The skill can push code to remote branches and modify GitHub PR content, which could be abused if the agent is manipulated by instructions hidden in the code or documentation it reads.
Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the repository before it is used to generate the PR narrative.

pr