pr-review
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a professional PR review workflow using standard developer tools. It correctly identifies the need to diff against the merge base rather than the main branch to avoid false findings.
- [COMMAND_EXECUTION]: The workflow suggests running the project's test suite (e.g., in Step 4) to verify PR changes. While this is an essential part of a code review, it involves executing code provided in the Pull Request. Users should be aware that running tests on unvetted PRs from untrusted sources could lead to the execution of malicious code contained within the PR.
- [PROMPT_INJECTION]: The skill processes untrusted input from GitHub PR metadata (titles, bodies) and file contents, which creates a surface for indirect prompt injection.
  - Ingestion points: PR metadata fetched via `gh pr view` and code changes viewed via `git diff` as described in SKILL.md.
  - Boundary markers: Absent; the agent is not explicitly instructed to ignore or isolate instructions that might be embedded within the PR content.
  - Capability inventory: Shell command execution via `git`, `gh`, and the environment's test runner (e.g., `npm`, `pytest`).
  - Sanitization: Absent; the skill does not define methods for filtering or escaping content from the PR before it is processed by the agent.
- [SAFE]: The skill includes strong safety constraints, specifically requiring user approval before posting a review and explicit confirmation before deleting any reviews, preventing accidental or unauthorized actions.