doc-n-fix

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes GitHub PR review feedback, which is an untrusted external data source. This creates a surface for indirect prompt injection where malicious instructions embedded in a PR comment could influence the agent's actions during the code-fixing phase.
      • Ingestion points: Step 2 fetches PR reviews and comments using gh pr view and gh api.
      • Boundary markers: The skill lacks explicit instructions to treat PR comments as data only or to ignore embedded instructions.
      • Capability inventory: The skill uses Bash, Edit, Write, and Task (sub-agent) tools, allowing it to modify files and interact with the GitHub API.
      • Sanitization: There is no evidence of sanitization or filtering for the feedback content before it is used to describe tasks for the sub-agent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run gh CLI commands to interact with GitHub PRs. While the skill follows best practices by using file-based inputs for the CLI to prevent direct shell injection, the high-level logic and command parameters are derived from external, untrusted PR data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 15, 2026, 12:45 AM