The Agent Skills Directory

[DYNAMIC_CONTEXT_INJECTION]: The skill utilizes the !command syntax to execute git branch, git status, gh pr view, and git log at load time. These operations are used to populate context for PR management and do not access sensitive files or perform external network requests beyond GitHub API interactions.
[COMMAND_EXECUTION]: The skill employs standard Git and GitHub CLI commands to automate PR creation and updates. The allowed-tools configuration correctly limits the scope to git:* and gh:*, reducing the risk of unauthorized command execution.
[DATA_EXFILTRATION]: Instructions within the skill explicitly command the agent to exclude API keys or private content from commits. No suspicious network patterns or exfiltration attempts were detected.
[INDIRECT_PROMPT_INJECTION]: The skill ingests user notes through the $ARGUMENTS variable.
Ingestion points: SKILL.md (via $ARGUMENTS)
Boundary markers: Absent around the arguments interpolation.
Capability inventory: Uses git commit, git push, and gh pr commands across the workflow.
Sanitization: No explicit sanitization of input, but the skill's rigid adherence to PR standards and specific CLI tools limits the potential impact of malicious input.

pr