github-pr

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to interact with the local git repository and the official GitHub CLI to manage pull requests. No unauthorized network operations, data exfiltration, or credential harvesting patterns were detected.
  • [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by reading external, untrusted data from git commit logs (git log origin/main..HEAD --oneline) and repository-specific PR templates (.github/PULL_REQUEST_TEMPLATE.md).
      • Ingestion points: Git commit history and PR template files in SKILL.md.
      • Boundary markers: Absent; the skill does not explicitly instruct the agent to use delimiters or ignore instructions within the ingested data.
      • Capability inventory: Shell command execution via the gh CLI for PR creation in SKILL.md.
      • Sanitization: Absent; the agent is instructed to directly analyze and populate fields based on the content of the ingested data.
      • Risk: A malicious contributor could craft commit messages or PR templates containing instructions to influence the agent's behavior during PR creation (e.g., adding unauthorized labels or assignees). This is a low-risk concern inherent to tasks involving summarization of external content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 03:54 PM