The Agent Skills Directory

[SAFE]: The skill instructions and associated workflow examples do not contain any malicious patterns, obfuscation, or unauthorized access attempts. All external references are to the author's own repositories or trusted organizations like GitHub.
[INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest data from external sources (CI logs and PR checks), which creates an indirect prompt injection surface.
Ingestion points: Processes PR-scoped data including check results and workflow outcomes as described in SKILL.md and references/workflow-example.md.
Boundary markers: The skill does not explicitly define markers to separate ingested CI logs from instructions, but it operates in a restricted CI environment.
Capability inventory: Uses the github/gh-aw toolset to read GitHub Actions and Pull Request metadata. It explicitly restricts itself from making direct code modifications within the CI environment.
Sanitization: Employs a recurrence-based promotion logic (requiring at least 3 occurrences across multiple runs) to filter out one-off signals and potential noise before suggesting updates to permanent instruction files like CLAUDE.md.

self-improvement-ci