The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses standard development tools including Git (git checkout, git push, git merge), GitHub CLI (gh pr create), and various test runners (npm test, pytest, cargo test, go test). These commands are used for their intended purpose within a development lifecycle and do not exhibit malicious intent.- [DATA_EXFILTRATION]: No unauthorized data transmission was detected. Network-related operations are restricted to git push to the project's configured 'origin' remote and gh pr create via the official GitHub CLI, both of which are standard and expected behaviors for a development-focused skill.- [PROMPT_INJECTION]: The instructions do not contain any attempts to override agent behavior, bypass safety filters, or extract system prompts. The use of instructional directives like "Stop" and "Core principle" is limited to enforcing the intended workflow logic.- [INDIRECT_PROMPT_INJECTION]: While the skill processes external data (branch names, commit lists, and user-provided PR descriptions), it does not present a significant vulnerability surface. The implementation uses quoted heredocs (cat <<'EOF') when constructing command arguments, which prevents shell expansion and command injection during the execution phase.

finishing-a-development-branch