The Agent Skills Directory

[SAFE]: The skill implements a legitimate developer workflow for QA planning with clear input validation and safe output handling.
[COMMAND_EXECUTION]: The skill validates user-provided arguments (hashes and PR numbers) using regular expressions (e.g., /^[0-9a-f]{7,40}$/) before they are interpolated into shell commands for git and gh. For GitHub issue creation, it utilizes a HEREDOC with a single-quoted delimiter (<<'EOF'), which ensures the generated plan content is treated as a literal string, effectively preventing command injection from untrusted diff data.
[PROMPT_INJECTION]: No direct prompt injection or instructions to bypass safety guidelines were found. The skill spawns sub-agents for codebase exploration with specific, well-defined prompts focused on feature analysis.
[DATA_EXFILTRATION]: Data access is limited to the current project's codebase and version history. Network activity is restricted to standard GitHub CLI operations (creating issues and viewing PRs) based on the user's chosen output mode.

qa