The Agent Skills Directory

[DATA_EXFILTRATION]: Example 3 in SKILL.md demonstrates the conversion of a link to a sensitive environment file (.env.clickhouse) described as containing credentials. While the skill's purpose is path conversion, using secrets files as examples for PR descriptions promotes unsafe practices that lead to accidental credential exposure.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. It ingests and processes untrusted pull request body content which is then passed to shell commands.
Ingestion points: Pull request description/body content.
Boundary markers: None specified in the provided link conversion logic or shell scripts.
Capability inventory: Executes commands via gh CLI and bash subprocesses.
Sanitization: No explicit escaping or validation of the $CONVERTED_BODY content is shown before it is interpolated into the gh pr create command.
[COMMAND_EXECUTION]: The skill relies on executing shell scripts (Bash) to interact with the gh CLI and git. While these are standard tools for the stated purpose, the dynamic construction of commands using external PR body data introduces a potential command injection vector if the input is not strictly sanitized.

pr-gfm-validator