The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted content from the Harness Code platform.
Ingestion points: Data is ingested through harness_get (reading PR descriptions) and harness_list with the pr_activity resource type (reading discussion comments).
Boundary markers: The instructions do not include boundary markers or guidance to ensure the agent distinguishes between its primary instructions and the data retrieved from the PR.
Capability inventory: The skill provides significant write access, including creating and updating PRs, managing reviewers, and merging PRs. The documentation explicitly notes that the merge action can bypass branch protection if the user has appropriate permissions.
Sanitization: There is no mention of sanitizing or validating the content of PRs or comments before it is processed by the agent.

manage-pull-requests