The Agent Skills Directory

[PROMPT_INJECTION]: The skill is subject to indirect prompt injection from untrusted data. Ingestion points: Fetches PR titles, bodies, and comments via gh pr view and gh api commands as documented in SKILL.md. Boundary markers: Explicitly absent from data fetching commands, though the skill provides a high-level safety warning in the 'External Content Safety' section of SKILL.md. Capability inventory: Executes shell commands (git, gh, node), performs file system writes (mkdir, writeFile in scripts/capture-screenshots.js), and interacts with GitHub APIs. Sanitization: No programmatic sanitization is implemented for the ingested text; safety relies on the agent's adherence to instructions to ignore embedded commands.\n- [COMMAND_EXECUTION]: Employs standard developer tools including git, the GitHub CLI (gh), and node to perform code analysis and manage pull request feedback.\n- [EXTERNAL_DOWNLOADS]: Downloads and installs the playwright package from the public npm registry to enable automated browser-based visual validation of preview URLs.\n- [DATA_EXFILTRATION]: Reads local source code and fetches remote PR data to generate review summaries, which are subsequently shared with official GitHub endpoints as intended by the skill's primary function.

code-review