cmd-pr-test-plan

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands to retrieve repository context and build information. It uses gh repo view to determine the base branch and git diff and git log to extract change details. It also invokes grep and make to discover available build targets and test runners within the project structure.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it ingests untrusted data from the repository and pull request context to generate the test plan.
    • Ingestion points: Untrusted data enters the context through git log (commit messages), git diff --name-only (file paths), and the contents of documentation files like README.md, CONTRIBUTING.md, and AGENTS.md (project-specific instructions).
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard or escape malicious prompts that might be embedded within the PR description, commit messages, or file contents.
    • Capability inventory: The skill has the capability to execute shell commands (git, gh, make, grep) and write files to the repository root (TEST_PLAN.md).
    • Sanitization: No evidence of sanitization, escaping, or validation of the strings extracted from the git environment or project files is present before they are interpolated into the prompt or the final output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 10:24 PM