pr-review-loop

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the gh CLI and git to perform its primary functions: fetching PR status, viewing comments, committing fixes, and pushing changes. These operations are restricted to the local repository and the specific pull request context.
  • [DATA_EXFILTRATION]: The skill reads pull request data, including review comments and thread status, using the GitHub GraphQL API. This information is processed locally by the agent to determine the necessary code modifications and is not transmitted to unauthorized external endpoints.
  • [EXTERNAL_DOWNLOADS]: The skill is installed using npx skills add, which fetches the skill configuration from the author's repository. This is a standard installation procedure for the platform and targets a vendor-owned resource.
  • [PROMPT_INJECTION]: The skill processes external data (PR comments) that could contain malicious instructions. It effectively mitigates this risk by using jq --rawfile and quoted heredocs ('EOF') when interacting with the shell and APIs, ensuring the agent remains in control of the execution flow.
      • Ingestion points: PR comments are retrieved via gh api graphql as defined in SKILL.md.
      • Boundary markers: The workflow follows a strict triage-and-fix loop, utilizing local plan files (.pr-review/plan-*.md) to isolate the processing of each comment.
      • Capability inventory: Uses the gh CLI for GitHub interactions and git for file system changes.
      • Sanitization: Implements robust input handling via jq to sanitize content before it is used in API requests.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 06:19 PM