skills/rahulgi/skills/session-pr/Gen Agent Trust Hub

session-pr

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses standard git and gh (GitHub CLI) commands to manage branches, commits, and pull requests. These operations are transparent and consistent with the skill's description.
  • [DATA_EXPOSURE]: Reads local repository information including diffs and logs to construct PR titles and bodies. This is the primary function of the tool and does not involve exfiltration to external domains or access to sensitive user configuration files.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for indirect prompt injection as it reads file diffs (from git diff) and repository status (from git status) to generate PR summaries. While there are no explicit boundary markers or sanitization routines mentioned in the instructions, the risk is considered low as it only affects the descriptive text of the PR and does not trigger unsafe command execution with the ingested data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:23 PM