github-pr-review-comments

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from external GitHub pull request comments.
    - Ingestion points: The skill fetches comment bodies via gh api and GraphQL queries in SKILL.md (e.g., gh api repos/{owner}/{repo}/pulls/{pr}/comments).
    - Boundary markers: Absent. There are no delimiters or explicit instructions provided to the agent to help it distinguish between valid feedback and malicious instructions embedded within the comments.
    - Capability inventory: The skill grants the agent the ability to execute write operations on GitHub (posting replies, resolving threads) and perform local shell operations (jq, sort, comm).
    - Sanitization: Absent. The skill does not include logic to sanitize or validate the content of the comments before the agent processes them.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM