The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from external sources and providing it to subagents as context.
Ingestion points: Section 1.4.1 retrieves pull request bodies, comments, and referenced issue content via the GitHub CLI.
Boundary markers: The task prompts do not use specific delimiters or instructions to isolate the untrusted context from the subagent's core instructions.
Capability inventory: The orchestration uses git, gh CLI, and codex exec which includes workspace-write permissions for outputting findings.
Sanitization: No evidence of escaping or filtering content retrieved from GitHub before interpolation into prompts.
[COMMAND_EXECUTION]: The skill automates its workflow through several local command-line tools.
Uses git to manage diff generation and branch context.
Uses gh (GitHub CLI) to fetch metadata and discussion history from pull requests.
Uses rg (ripgrep) to identify pull request or issue numbers from the workspace directory name.
Uses codex exec to launch parallel subagent tasks in a sandboxed environment.
[EXTERNAL_DOWNLOADS]: The skill retrieves metadata from a well-known service.
Fetches pull request and issue details (titles, descriptions, comments) from GitHub using the official CLI tool.

subagent-review