The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and acts upon untrusted data from GitHub PR comments. Ingestion points: Fetches inline and review-level comments using 'gh api' and 'gh pr view' as described in SKILL.md. Boundary markers: Absent; the agent is instructed to process comment text directly without delimiters. Capability inventory: Includes codebase modification (fixing concerns), repository-wide search, and network write operations via 'gh api' to post replies. Sanitization: Absent; no validation or escaping of comment content is performed before processing.
[COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the 'gh' CLI for retrieving PR metadata and posting replies. It also includes the execution of a shell command 'sleep $((RANDOM % 3 + 3))' for rate limiting during the reply process.

resolve-pr-comments