cmd-pr-description
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository's git history and diffs to generate descriptions. This constitutes an indirect prompt injection surface where malicious instructions embedded in commit messages or code comments could attempt to influence the agent's output.
  - Ingestion points: Results of `git diff` and `git log` executed in SKILL.md.
  - Boundary markers: None identified; the agent is not explicitly told to ignore instructions within the diff content.
  - Capability inventory: The skill can write to the local filesystem (PR_DESCRIPTION.md), interact with the system clipboard (`pbcopy`), and modify remote GitHub pull request metadata (`gh pr edit`).
  - Sanitization: No sanitization or filtering is performed on the ingested git data before it is processed by the model.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands to perform its tasks, including `git`, `gh` (GitHub CLI), and standard Unix utilities.
  - Commands are used to identify the base branch, calculate diff statistics, and retrieve commit logs.
  - The skill uses `gh pr edit` to update remote repository state, although it correctly includes a human-in-the-loop check (AskUserQuestion) before execution.
Audit Metadata