skills/chrislacey89/skills/pre-merge/Gen Agent Trust Hub

pre-merge

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as git, gh, sed, grep, rg, and npm view to gather context and perform its primary functions. These commands are used to view issues, fetch PR diffs, and check package versions on the NPM registry, all of which are standard operations for a repository management tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources including GitHub issue bodies and Pull Request descriptions or diffs. This data is processed as part of the architectural review and PR creation phases.
      • Ingestion points: Commands like gh issue view, gh pr view, and gh pr diff (referenced in Phase 1 of SKILL.md) bring external, potentially attacker-controlled text into the agent's context.
      • Boundary markers: The instructions do not define specific delimiters or "ignore previous instructions" guards when interpolating issue or PR content into the review prompts.
      • Capability inventory: The skill has the capability to execute shell commands, create/edit GitHub PRs, and spawn sub-agents to analyze data.
      • Sanitization: There is no mention of sanitizing or escaping the content retrieved from GitHub before it is used to generate PR descriptions or review findings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 12:34 PM