The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on executing local shell commands including git and gh (GitHub CLI) to manage branches, stage files, and interact with remote repositories.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources to influence its logic and output.
Ingestion points: The skill reads output from git diff, git log, and gh issue list, as well as the content of .github/PULL_REQUEST_TEMPLATE.md.
Boundary markers: Absent. There are no delimiters or instructions to ignore instructions that might be embedded in the code diffs or issue descriptions being summarized.
Capability inventory: The agent has the ability to execute git and gh commands via subprocesses, including pushing code to remote branches and creating pull requests.
Sanitization: Absent. The skill encourages the agent to "analyze the diff to understand the changes" and "infer a branch name" directly from the content of the changes, which could be manipulated by an attacker who has contributed to the codebase.

pr