prepare-pr

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill executes pnpm install to download dependencies from the npm registry. This operation is performed on a Pull Request branch that may contain untrusted code or modified manifest files.
  • [REMOTE_CODE_EXECUTION]: Running pnpm install on an untrusted branch poses a risk of remote code execution. Attackers can define malicious lifecycle scripts (such as preinstall or postinstall) in the package.json file of a Pull Request which are automatically executed by the package manager during installation.
  • [COMMAND_EXECUTION]: The skill uses a wide range of shell commands for Git operations, GitHub CLI interactions, and build processes (pnpm build, pnpm test). These commands operate on the local file system and repository context.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      • Ingestion points: The skill reads external data from .local/review.md and metadata from the GitHub API via gh pr view.
      • Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when processing the review findings.
      • Capability inventory: The agent has permissions to execute shell commands and push changes to remote repositories.
      • Sanitization: No sanitization or validation of the review content is performed before the agent is instructed to follow its findings as tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 07:24 AM