resolving-pr-issues
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within the scope of PR management and interacts exclusively with well-known services (GitHub) via the official 'gh' CLI and 'git' tools. No evidence of hardcoded credentials, unauthorized data exfiltration, or persistence mechanisms was found.
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of PR review comments, which presents a surface for indirect prompt injection. This risk is effectively mitigated by the skill's multi-layered defense architecture:
  1. Ingestion points: External data enters via GitHub API comment endpoints and local review report files.
  2. Boundary markers: Instructions for verification agents use clear delimiters to isolate comment text from execution context.
  3. Capability inventory: The skill has the ability to write to the file system, commit code, and post PR replies.
  4. Sanitization: All suggestions are semantically verified against the actual codebase by a high-capability model, and a mandatory user approval gate is required before any destructive or external actions occur.
Audit Metadata