pr-review-handler

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Susceptible to Indirect Prompt Injection (IPI) via GitHub PR feedback.
      * Ingestion points: Untrusted data enters the agent context through gh api and gh pr view calls that fetch comments and review bodies.
      * Boundary markers: Absent. No delimiters are used to separate user-provided comments from the agent's internal logic.
      * Capability inventory: The agent can read files, commit code, push to remote branches, and post comments via the GitHub API.
      * Sanitization: Absent. The instructions do not require the agent to sanitize or ignore instructions embedded within the fetched data.
  • [DATA_EXFILTRATION] (LOW): Potential for sensitive data leakage if a malicious comment directs the agent to read and report the contents of local configuration files.
  • [COMMAND_EXECUTION] (SAFE): Uses git and gh for intended repository management tasks; however, the parameters for these commands could be influenced by malicious input via the IPI vector mentioned above.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 04:23 PM