The Agent Skills Directory

[PROMPT_INJECTION]: The skill ingests and processes untrusted data from GitHub pull request comments and review feedback, which constitutes a surface for indirect prompt injection attacks. Although the output is constrained to a JSON schema, embedded instructions in comments could attempt to influence the agent's summaries or complexity assessments.\n
Ingestion points: External data is retrieved using the erk exec classify-pr-feedback command (SKILL.md).\n
Boundary markers: There are no explicit delimiters or instructions to treat the fetched content as untrusted or to ignore embedded directives.\n
Capability inventory: The skill identifies and returns thread and comment IDs used for subsequent automated actions like resolving threads or replying to discussions via the erk CLI.\n
Sanitization: No filtering or sanitization of the comment text is performed before processing.\n- [COMMAND_EXECUTION]: The skill uses the 'erk' CLI tool to execute commands for fetching and managing PR feedback. These operations are performed via shell execution based on provided arguments.

pr-feedback-classifier