git-commit-push-pr

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from the repository's history and working tree to generate PR descriptions.
      - Ingestion points: Reads content from git diff, git log, and existing pull requests via gh pr view in SKILL.md.
      - Boundary markers: The skill does not employ explicit delimiters or instructions to ignore embedded commands within the processed repository data.
      - Capability inventory: The skill has the ability to write to GitHub pull request metadata using gh pr create and gh pr edit as seen in SKILL.md.
      - Sanitization: There is no evidence of sanitization for the ingested repository content before it is processed by the model.
  • [COMMAND_EXECUTION]: The skill uses the git and gh CLI tools for repository management, which is the intended and expected behavior for this tool.
  • [DATA_EXFILTRATION]: The skill transmits data to GitHub to facilitate the creation and management of pull requests. Since GitHub is a well-known service and these operations are essential to the skill's function, this is documented as standard activity.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 05:25 PM