lovstudio-gh-contribute

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates repository workflows by executing shell commands via the git and gh (GitHub CLI) tools. It uses variables derived from the local environment and repository metadata, such as $UPSTREAM and $BRANCH_NAME, to perform actions like forking, pushing code, and creating pull requests.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external repositories, which creates a surface for indirect prompt injection.
  • Ingestion points: In Step 2, the skill fetches the contents of CONTRIBUTING.md, CODE_OF_CONDUCT.md, and pull request templates from the targeted upstream repository.
  • Boundary markers: The instructions do not specify the use of delimiters or clear separation markers to distinguish between the skill's core instructions and the external data being ingested.
  • Capability inventory: The skill has access to powerful capabilities, including modifying the local filesystem through git commit and performing network-authenticated actions such as git push and gh pr create.
  • Sanitization: No explicit sanitization or validation logic is defined to check the external content before the agent evaluates it for contribution rules and formatting constraints.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:08 AM