pr-human-guide

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses user-provided arguments and PR metadata directly in shell commands, such as gh pr diff {pr_number} and gh pr edit {pr_number} in SKILL.md. Without strict validation of these variables, this pattern allows for shell command injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data.
    * Ingestion points: PR titles, bodies, and diffs are read via gh pr view and gh pr diff in SKILL.md.
    * Boundary markers: The skill uses HTML comment markers <!-- pr-human-guide --> to wrap its output.
    * Capability inventory: The agent uses gh pr edit to modify the PR description and mktemp to create files.
    * Sanitization: The skill relies on behavioral instructions to ignore embedded commands and perform basic escaping of file paths.
  • [COMMAND_EXECUTION]: The skill instructs the agent to dynamically generate Python scripts and execute them at runtime to handle string manipulations and bypass shell-specific character expansion issues (Steps 4 and 5 of SKILL.md). Executing code generated at runtime is a high-risk capability.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 30, 2026, 08:54 PM