The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is instructed to read and address PR descriptions and review comments which are supplied by external users. While the agent's primary task is code modification, the lack of input isolation creates a potential for a malicious reviewer to influence the agent's actions through embedded instructions in comments.
Ingestion points: PR descriptions, inline review threads, and top-level review bodies fetched via gh pr view and the gh api calls in the 'Fetch comments' and 'The loop' sections of the SKILL.md file.
Boundary markers: Absent; the agent is not instructed to use delimiters or ignore instructions found within the PR comments.
Capability inventory: The skill allows for local shell command execution (git, poetry, pnpm, pytest), file system writes for code fixes, and GitHub API mutations for replies and thread resolutions.
Sanitization: No explicit sanitization or filtering of external comment content is performed before processing.
[COMMAND_EXECUTION]: The skill uses shell commands to perform development tasks such as running tests, formatting code, and linting (e.g., poetry run pytest, pnpm vitest, pnpm format). These are expected operations for a developer tool and are scoped to the Significant-Gravitas/AutoGPT project environment.

pr-address