pr-49-review

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from a GitHub Pull Request (description and code diff) which could contain embedded instructions targeting the agent's behavior.
    • Ingestion points: Output retrieved via gh pr view and gh pr diff commands as specified in SKILL.md.
    • Boundary markers: The instructions do not employ delimiters (e.g., XML tags) or specific directives to ignore instructions found within the PR content.
    • Capability inventory: Usage of the gh (GitHub CLI) tool for repository interaction.
    • Sanitization: No validation or filtering is performed on the PR text before it is presented to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 02:19 PM