The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git and gh CLI commands to manage repository state, push code to remote branches, and create pull requests.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes data from the repository that could contain malicious instructions intended to influence the agent's output.
Ingestion points: Commit logs and code diffs are read from the local repository environment using git log and git diff in SKILL.md.
Boundary markers: The skill uses markdown templates and shell heredocs to structure the PR body, but lacks specific instructions for the agent to ignore instructions embedded within the ingested commit data.
Capability inventory: The skill has the ability to perform network operations and modify remote repository state via git push and gh pr create as documented in SKILL.md.
Sanitization: There is no evidence of sanitization or filtering applied to commit messages or diff content before they are used to generate the pull request title and summary.

pr