The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from GitHub Pull Request descriptions and issue comments via gh pr view and gh issue view to understand the intent behind changes. This is an inherent risk of processing external developer documentation, though it is the primary purpose of the skill.
Ingestion points: SKILL.md (lines 35, 48) uses gh to read external text from GitHub issues and PRs.
Boundary markers: No explicit delimiters are used to separate external issue/PR text from instructions.
Capability inventory: The skill has extensive capabilities including file system modification (git merge, git add), command execution (pnpm, cargo, sg), and network operations (git push, gh issue create).
Sanitization: No explicit sanitization or filtering of the ticket text is performed before processing.
[COMMAND_EXECUTION]: The skill executes several command-line tools including git, gh, pnpm, cargo, and sg. These operations are standard for a development-focused agent and are limited to the context of the repository and the specific PR being processed.
[EXTERNAL_DOWNLOADS]: The skill interacts with GitHub via git fetch and the GitHub CLI (gh). These interactions are directed at a well-known service (GitHub) to retrieve and push code/metadata, which is expected behavior for a PR management tool.

oh-conflict