gh-address-comments
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text from GitHub PR comments and reviews, creating a surface for indirect prompt injection. Ingestion points: PR comments and review threads are fetched from the GitHub API using `scripts/fetch_comments.py`. Boundary markers: The skill does not implement delimiters or ignore-instructions for the external data. Capability inventory: The agent is empowered to modify the codebase, execute local tests/checks, and push code to the remote repository. Sanitization: No sanitization or validation of the comment content is performed before the agent evaluates it for actionable code changes.
- [COMMAND_EXECUTION]: The skill relies on executing multiple commands through the GitHub CLI (`gh`) and runs a local Python script that uses `subprocess.run`. While the implementation uses argument lists to prevent direct command injection into the shell, the workflow grants the agent broad execution capabilities that could be abused if the agent is manipulated by malicious instructions in a PR comment.
Audit Metadata