babysit-pr
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'gh' CLI commands via a local Python script ('scripts/gh_pr_watch.py') to retrieve PR metadata and interact with GitHub Actions. These commands use list-based arguments with 'subprocess.run', which prevents shell injection. Furthermore, input validation for PR identifiers (numbers and URLs) is implemented using strict regular expressions before they are passed to the commands.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
  - Ingestion points: GitHub issue comments, review comments, and CI logs are ingested into the agent context via 'gh_pr_watch.py'.
  - Boundary markers: The skill includes explicit instructions to avoid posting replies to human authors without confirmation and to use specific commit message prefixes to maintain clarity.
  - Capability inventory: The agent can execute 'gh' commands, write local files in '/tmp', and perform git operations such as commit and push.
  - Sanitization: The skill provides a decision tree and heuristics in 'references/heuristics.md' to help the agent distinguish between legitimate failures and potentially malicious or unrelated input.
- [EXTERNAL_DOWNLOADS]: The skill fetches PR data, logs, and comments from GitHub's official API and repository endpoints. This is a standard operation for the intended task and targets well-known services.
Audit Metadata