skills/ruvnet/ruflo/agent-swarm-pr/Gen Agent Trust Hub

agent-swarm-pr

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it is designed to ingest and act upon untrusted data from GitHub Pull Requests.
    • Ingestion points: Data is retrieved from PR descriptions, labels, and metadata via gh pr view commands, and from PR comments via GitHub Action event triggers (github.event.comment.body).
    • Boundary markers: No explicit boundary markers or directives (such as 'ignore embedded instructions') are implemented to separate untrusted PR content from the agent's command logic.
    • Capability inventory: The skill has access to sensitive tools including Bash for command execution, Write and Edit for filesystem modification, and GitHub management tools such as mcp__github__merge_pull_request.
    • Sanitization: The implementation patterns show PR content being interpolated directly into shell arguments and passed to external utilities without visible sanitization or input validation.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute GitHub CLI (gh) and the vendor's own ruv-swarm commands, incorporating data from external PR sources into these execution strings.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx ruv-swarm to download and execute the vendor's swarm management package at runtime, which is standard behavior for accessing the 'ruvnet' ecosystem resources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:33 PM