gh-pr-review

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file references/pr-review.md contains an instruction to automatically install a third-party GitHub CLI extension using gh extension install EurFelux/gh-pr-review. This repository belongs to an unverified individual user and is not part of the trusted vendors list, posing a significant risk of executing unvetted code in the user's environment.
  • [COMMAND_EXECUTION]: The skill executes various powerful CLI commands including git, gh, and local build tools like pnpm lint && pnpm test. While these are expected for a development tool, they provide a significant attack surface if the agent is subverted by malicious input.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) in references/pr-review.md and references/teams-review.md. Ingestion points: the agent fetches untrusted PR_BODY and PR_COMMENTS via the GitHub CLI. Boundary markers: no delimiters or explicit instructions to ignore embedded commands are used when processing this data. Capability inventory: the agent has high-privilege capabilities including shell command execution, file writing, and Git history modification. Sanitization: no sanitization or validation of external content is performed before it is used to guide the agent's logic.
  • [COMMAND_EXECUTION]: Through references/checklist-evolution.md, the skill implements a self-modification mechanism where the agent is instructed to 'Insert accepted items into the checklist file'. This allows the agent to alter its own instruction set on disk (code-checklist.md or doc-checklist.md) based on session feedback, which could be exploited for persistence of malicious instructions if the agent's judgment is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 18, 2026, 07:28 AM