git-pr-review

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to handle untrusted input from commit messages and code diffs. It proactively mitigates the risk of indirect prompt injection by providing explicit instructions for the agent to treat such data as inert evidence and ignore any embedded commands or instructions to bypass safety guidelines.
      1. Ingestion points: The skill uses git log and git show in SKILL.md to ingest untrusted data.
      2. Boundary markers: The skill uses clear separation rules and an 'Untrusted Input Rules' section to define the boundary between control instructions and data.
      3. Capability inventory: Capabilities are limited to git read operations; no file-write, network, or high-privilege subprocess capabilities exist.
      4. Sanitization: The instructions mandate ignoring prompt-like text within the ingested data.
  • [COMMAND_EXECUTION]: Shell operations are restricted to git log and git show for reading repository data. These commands are defined with static arguments and do not permit arbitrary command injection.
  • [DATA_EXFILTRATION]: There are no network requests or access patterns to sensitive system files. The skill operates exclusively on local git repository data.
  • [SAFE]: The skill follows security best practices for tools that process user-controlled text and does not exhibit any known attack vectors.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 07:31 PM