pr-comments

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is exceptionally well-architected for security, treating all external input (PR comments and reviews) as untrusted third-party data.
  • [PROMPT_INJECTION]: The skill implements a comprehensive defense-in-depth strategy against prompt injection. Step 5 and the references/security.md file define specific checks for instruction overrides, homoglyph attacks, hidden text (HTML comments/zero-width characters), and coordinated multi-comment attacks. Detection of these patterns automatically triggers an escalation to manual review, overriding the default 'auto' mode.
  • [DATA_EXFILTRATION]: No exfiltration vectors were identified. The skill's network operations are strictly limited to official GitHub API endpoints via the gh CLI. Furthermore, the security guidelines explicitly block URL injection attempts intended for data exfiltration.
  • [COMMAND_EXECUTION]: Shell command usage is restricted to standard development tools (git, jq, gh). The skill validates suggested code changes to ensure they only affect files and lines already present in the PR diff, preventing unauthorized file system modifications.
  • [CREDENTIALS_UNSAFE]: The skill does not handle or store hardcoded secrets. It utilizes the host environment's existing GitHub CLI authentication and follows best practices for temporary file management using mktemp with secure paths.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:50 AM