github-pr-agent-workflows

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses local bash scripts and the official GitHub CLI (gh) to perform legitimate pull request management tasks. No evidence of obfuscation, hardcoded credentials, or unauthorized network communication was found.
  • [PROMPT_INJECTION]: The skill processes untrusted content from GitHub pull request metadata and comments, which constitutes a surface for indirect prompt injection.
      1. Ingestion points: Data is fetched using the gh API in scripts/pr-review-summary.sh and scripts/wait-pr-review.sh.
      2. Boundary markers: The scripts do not apply specific delimiters or instructions to ignore embedded commands in the PR content.
      3. Capability inventory: The skill allows the agent to monitor PR status, wait for reviewer activity, and perform code edits based on feedback.
      4. Sanitization: The scripts perform basic formatting and truncation of comment bodies but do not filter for potentially malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 11:58 PM