The Agent Skills Directory

[SAFE]: The skill interacts exclusively with the local filesystem and GitHub's official services via the gh CLI and git. No unauthorized external connections or data exfiltration attempts were detected.
[COMMAND_EXECUTION]: The skill executes standard development tools to perform its tasks.
Evidence: Uses git for repository analysis, npx for running tsc and eslint, and gh for pull request creation (SKILL.md).
Context: These operations are consistent with the skill's stated purpose. The use of single-quoted heredocs (cat <<'EOF') when passing the PR body to the CLI is a secure practice that prevents unintended shell interpolation of the generated content.
[SAFE]: The skill implements a robust validation framework, including a mandatory checklist and quality gates, which ensures that the agent verifies the integrity and safety of the branch before pushing code or creating a PR (SKILL.md).
[PROMPT_INJECTION]: The skill processes untrusted data from git diffs and user-provided arguments to generate PR content, creating a surface for indirect prompt injection.
Ingestion points: git diff output and user arguments in $ARGUMENTS (SKILL.md).
Boundary markers: The agent is instructed to read the full diff and generate a summary; while heredocs are used for the shell command, no specific delimiters are used to separate the diff content from the agent's instructions during the analysis phase.
Capability inventory: File system read, git push, and PR creation via gh CLI (SKILL.md).
Sanitization: The skill relies on the agent's internal safety filters and the use of the gh CLI rather than direct API calls to manage data submission.

create-pr