The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the gh and git CLIs to perform repository operations, including pushing branches (git push) and creating pull requests (gh pr create). These operations are consistent with the skill's documented purpose.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts data from untrusted external sources (branch names and local project files) to influence its behavior and command construction.
Ingestion points: Reads the current branch name via git, project-specific conventions from .skills/conventions.json, and execution checklists from blueprint.md or slices.md.
Boundary markers: No explicit boundary markers or instructions are provided to the agent to distinguish between its own instructions and the content parsed from these files.
Capability inventory: The skill has the capability to execute shell commands (Bash) and read local files (Read).
Sanitization: There are no instructions to sanitize or escape the extracted ID, summary, or configuration patterns before they are interpolated into the gh pr create shell command.

create-pr