The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external, untrusted content from GitHub.
Ingestion points: Review threads and comments fetched via gh api graphql (SKILL.md).
Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore embedded instructions in PR comments.
Capability inventory: The skill is authorized to modify code, execute build/test commands, and push commits to the repository (SKILL.md).
Sanitization: Absent. There is no logic provided to sanitize or validate the content of ingested comments before they are processed by the agent.
[COMMAND_EXECUTION]: The skill executes several standard developer tools to perform its tasks.
It uses gh (GitHub CLI) for status monitoring and API interactions.
It uses jq for parsing JSON responses from the CLI.
It uses git for pushing code fixes as described in the workflow.
It mentions running arbitrary test and build commands which are part of the user's local development environment.

babysit