resolve-pr-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from GitHub PR comments, which could contain malicious instructions for the agent or its sub-agents.
- Ingestion points: The `scripts/get-pr-comments` script retrieves PR comment bodies via the GitHub GraphQL API, which are then used by the agent to plan and implement fixes.
- Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore potentially malicious content within the fetched comments.
- Capability inventory: The skill and its sub-agents have the capability to execute `gh` and `git` commands, read files, and commit changes to the repository.
- Sanitization: No sanitization or safety filtering is performed on the comment text before it is used to guide the agent's actions.
Audit Metadata