overlay

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the gh (GitHub) CLI to fetch pull request data, comment on PRs, and manage repository state. This is the primary mechanism for the skill's functionality. The Python scripts analyze-pr.py and triage-prs.py execute these commands using subprocess.run with list-based arguments, which is a secure practice to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: In workflows/onboard-plugin.md, the skill performs a curl operation to fetch backstage.json from upstream plugin repositories to verify version compatibility. This involves downloading data from external sources, but the content is piped directly to jq for parsing rather than being executed as code.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from GitHub pull requests (titles, bodies, and file paths) to generate reports and determine triage priority.
    ◦ Ingestion points: scripts/analyze-pr.py and scripts/triage-prs.py fetch PR metadata via the gh pr view and gh pr list commands.
    ◦ Boundary markers: Absent. There are no explicit delimiters or instructions to the model to ignore potential commands embedded in the PR text.
    ◦ Capability inventory: The skill can execute gh commands (including commenting on PRs), perform local file operations, and manage podman containers via the rhdh-local environment.
    ◦ Sanitization: The Python scripts utilize JSON parsing for structured data extraction. However, the workflows suggest a pattern of interpolating extracted workspace names into shell commands (e.g., grep "$WORKSPACE"). While the risk is low due to the use of quotes and the specialized nature of the skill, it remains a known surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 12:18 PM
Security Audit — agent-trust-hub — overlay