The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from external sources. Ingestion points: Fetches content from GitHub PR comments, issue comments via gh api, and repository-hosted pull request templates (e.g., .github/pull_request_template.md). Boundary markers: The instructions lack explicit delimiters or instructions to the agent to ignore potentially malicious directions embedded within the fetched GitHub content. Capability inventory: The skill can perform sensitive operations including git commit, git push, and gh pr create. Sanitization: There is no evidence of sanitization or validation of the fetched strings before they are processed for summarization or used to fill PR templates.
[COMMAND_EXECUTION]: The skill relies on constructing and executing shell commands using the git and gh CLI tools. While these are necessary for the skill's functionality, they provide a mechanism for the agent to interact with the system environment and remote repositories based on instructions derived from potentially untrusted PR metadata.

pr-manager