iterate-pr
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the GitHub CLI (`gh`) and `git` to manage PR states, conflicts, and CI status.
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to bypass human-in-the-loop safety checks. Phrases like "The loop is mandatory. Never ask the user whether to set it up" and "Fully autonomous. No user approval needed" are used to override the agent's default behavior of seeking user confirmation for repetitive or impactful actions.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its processing of untrusted external data.
  1. Ingestion points: Untrusted data enters the agent context via GitHub PR review comments (fetched via `gh api graphql`) and CI check outputs (fetched via `gh pr checks`).
  2. Boundary markers: No delimiters or safety instructions are used to separate external content from the agent's instructions.
  3. Capability inventory: The skill possesses extensive capabilities including file system access, code modification, and the ability to commit and push changes to remote repositories via sub-skills like `/fixing-pr-comments` and `/fixing-ci`.
  4. Sanitization: There is no evidence of sanitization or validation of the content retrieved from PR comments before the agent acts upon it.
Audit Metadata