The Agent Skills Directory

[COMMAND_EXECUTION]: Multiple Python scripts within the skill (e.g., prepare-review.py, fetch-prs.py, post-review.py) use subprocess.run to execute the GitHub gh CLI for data retrieval, commenting, and issue creation. They also use it to coordinate the execution of other internal scripts, which is the primary operational mechanism of the skill.
[EXTERNAL_DOWNLOADS]: The scripts/extract-pr-images.py utility fetches images from GitHub-hosted domains to provide visual context for code reviews. The script implements security controls such as domain allowlisting, mandatory HTTPS, and file size restrictions to mitigate risks associated with remote content.
[PROMPT_INJECTION]: The skill processes untrusted content from Pull Request diffs, descriptions, and comments by interpolating them into subagent prompts. It effectively manages indirect prompt injection risks by employing markdown boundary markers and prioritizing the processing of content originating from organization members.
[SAFE]: The skill follows security best practices, including the use of local cache files for session persistence and providing a least-privilege configuration in its allowed-tools metadata. No signs of credential harvesting, unauthorized data exfiltration, or persistence mechanisms were found.

review-prs