review-pr

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local command-line tools including git, gh, and grep. These are used to retrieve pull request metadata, diffs, and commit history, as well as to check for code patterns and function call volume within the repository.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted data from external sources.
      • Ingestion points: Pull request descriptions, commit messages, and code diffs are retrieved using gh pr view and gh pr diff in SKILL.md.
      • Boundary markers: There are no specific delimiters or instruction-bypass warnings defined for the processed pull request data.
      • Capability inventory: The agent can execute shell commands and interact with the GitHub API via the gh tool to post reviews and comments.
      • Sanitization: The skill does not implement explicit sanitization or filtering for the data ingested from pull requests.
      • Mitigation: A human-in-the-loop confirmation step is required before the skill performs any write actions on GitHub, which effectively mitigates the risk of automated exploitation.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 04:51 PM