ah-review-code

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes code diffs from external Pull Requests or local branches, creating an attack surface for indirect prompt injection where malicious code comments or diff content could attempt to influence the agent's behavior or review results.
    * Ingestion points: Diff content retrieved via gh pr diff or git diff in SKILL.md (Step 4).
    * Boundary markers: Instructions in Step 6 provide scope to subagents, but the untrusted diff content is not isolated from the instruction context.
    * Capability inventory: The skill can execute shell commands, write to the filesystem, and invoke other skills in SKILL.md.
    * Sanitization: No explicit sanitization or filtering of the diff content is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses local shell commands including git and gh (GitHub CLI) to manage repository state, retrieve Pull Request metadata, and generate diffs. These commands are essential for the skill's primary function and are used according to standard development practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:35 AM
Security Audit — agent-trust-hub — ah-review-code