skills/derogab/agent-kit/reply/Gen Agent Trust Hub

reply

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses dynamic context injection (Category 11) to retrieve the current branch and PR information via git and gh during load time. These operations are limited to the local development environment and the official GitHub API, which is consistent with the skill's stated purpose of PR management.
  • [SAFE]: The skill processes untrusted data by reading GitHub PR comments. While this presents an indirect prompt injection surface (Category 8), the skill's potential impact is strictly restricted. Its instructions and frontmatter-defined tool access limit its capabilities to reading metadata and posting threaded replies. It is explicitly forbidden from modifying code, pushing to the repository, or resolving threads.
  • [SAFE]: Shell commands utilize secure patterns, such as quoted heredocs (cat <<'EOF'), to prevent the shell from interpolating or executing any special characters that might be generated in the agent's response text. This prevents accidental or malicious command injection during the execution of gh api.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 03:59 PM