The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and has significant write capabilities.
Ingestion points: Pull request comments fetched via gh api and CI failure logs retrieved via gh run view in SKILL.md.
Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched data.
Capability inventory: The agent can modify project files, execute git commit, git push changes to the origin, and post API replies.
Sanitization: The skill lacks sanitization, validation, or filtering of the content retrieved from GitHub before processing it for code fixes.

pr-fix