The Agent Skills Directory

PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection because it processes external, untrusted PR comments. An attacker could craft a comment to manipulate the agent's behavior during code analysis or fixing. Evidence Chain: (1) Ingestion points: PR Code Review comments as mentioned in Section 6. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the skill logic. (3) Capability inventory: The skill supports the /fix-pr-review workflow, which implies code editing capabilities. (4) Sanitization: No sanitization or validation of the input comment content is described.

pr-review-analysis