code-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub PRs, which serves as an indirect prompt injection surface.
  - Ingestion points: The PR head content is fetched into a local worktree and read in full, as described in SKILL.md.
  - Boundary markers: The skill utilizes an 11-dimension rubric and specific configuration thresholds to guide and constrain the analysis process.
  - Capability inventory: The skill uses git for local operations and gh for interacting with the GitHub API to read PR data and post reviews.
  - Sanitization: A mandatory 'Approval loop' ensures that no content is posted to GitHub without explicit user review and confirmation, effectively sanitizing the output of the agent.
- [COMMAND_EXECUTION]: Uses standard git and gh CLI commands to manage code context and interact with the repository. These operations are performed locally and within the scope of the project being reviewed.
- [DATA_EXFILTRATION]: Communicates with the GitHub API to retrieve PR details and submit reviews. These network operations target a well-known service (GitHub) and are consistent with the skill's primary purpose.
- [SAFE]: Implements a best-practice 'Identity Acknowledgement' banner that requires users to confirm responsibility for actions taken by the agent before its first use.
Audit Metadata