work-with-pr

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell operations using git and gh (GitHub CLI) to manage branches, worktrees, and PR state. It also executes project-specific commands like bun install, bun test, and bun run build to validate code changes.
  • [EXTERNAL_DOWNLOADS]: Dependencies are fetched from remote registries via bun install during the environment setup phase.
  • [DATA_EXPOSURE]: The skill processes repository metadata and task state. Notably, it contains an explicit security policy in Phase 2 advising the agent to sanitize logs and artifacts (removing tokens, auth headers, and private credentials) before attaching them to PR descriptions.
  • [PROMPT_INJECTION]: The 'Verification Loop' in Phase 3 ingests untrusted data from external sources, specifically CI run logs (gh run view --log-failed) and automated review comments from the Cubic bot. This constitutes a surface for indirect prompt injection where a malicious actor or a compromised CI environment could attempt to influence the agent's logic via log output.
      ◦ Ingestion points: Phase 3 (CI logs and GitHub API for Cubic reviews).
      ◦ Boundary markers: None explicitly defined for raw log parsing.
      ◦ Capability inventory: Full file system access within the worktree and the ability to execute code via the implementation loop.
      ◦ Sanitization: The skill includes logic to parse issues and determine validity, providing a basic manual verification step for the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 04:21 PM
Security Audit — agent-trust-hub — work-with-pr