The Agent Skills Directory

Indirect Prompt Injection Surface: The skill is designed to ingest and analyze untrusted data from pull requests, including code diffs, descriptions, and comments. This creates a potential surface for indirect prompt injection. Ingestion points: PR data enters the context through gh pr view, gh pr diff, and git diff as described in SKILL.md. Boundary markers: The skill utilizes delimiters such as <formatted_context>, <pr_or_issue_body>, and <comments> in GitHub Actions mode to help distinguish external content. Capability inventory: The skill allows for the execution of git and gh shell commands and the spawning of sub-agents to perform detailed investigations. Sanitization: The provided instructions do not specify explicit sanitization or filtering of the content retrieved from GitHub.
Standard Tool Integration: The skill interacts with the local environment using git and the GitHub CLI (gh). These interactions are limited to viewing repository state and metadata, which is consistent with the intended purpose of a PR review tool and follows common developer workflows.

pr-review