The Agent Skills Directory

Staged External Data Ingestion: The skill is designed to process external content from GitHub, such as issue reports and pull request diffs. Because this content is user-generated and untrusted, the skill implements a staged workflow that prioritizes static analysis (desk review) to identify potential issues before any code is interacted with dynamically. This approach helps mitigate risks associated with indirect prompt injection.
Controlled Runtime Interaction: To verify pull requests or reported bugs, the skill can perform "runtime probes" which involve executing code or tests. To manage the risks associated with running external code, the instructions require explicit user authorization for every probe and recommend using specialized tools with established security boundaries and environment gates.
Scope and Permission Management: The skill explicitly restricts the agent from performing sensitive remote operations, such as posting comments, merging pull requests, or modifying branches, without direct user commands. It also limits the use of command-line utilities like the GitHub CLI to scenarios where the user has provided specific instructions within the same interaction, ensuring the agent operates under the principle of least privilege.

maintainer-review