NYC

creating-pr

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from repository file changes to automate the creation of pull request descriptions and commit messages.
      1. Ingestion points: Repository content and diffs accessed via git diff and git status.
      2. Boundary markers: Absent; no delimiters are used to separate untrusted code content from agent instructions.
      3. Capability inventory: Write-access operations including git commit, git push, and gh pr create/edit.
      4. Sanitization: Absent; the agent is instructed to summarize changes directly into terminal commands.
    An attacker could embed instructions in code changes to manipulate the agent's behavior.
  • [Command Execution] (MEDIUM): The skill dynamically generates shell commands (e.g., git commit -m "...") using strings derived from the codebase, creating a risk of command injection if file names or change summaries are maliciously crafted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:02 AM