vp-checklist-runner

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh), jq, and grep to perform its operations. The developer has included comprehensive security guidelines in references/checkbox-update-rules.md to prevent command injection and content corruption.
  • It explicitly forbids the use of shell sed or echo for content manipulation, instead mandating the use of jq with temporary files to maintain JSON encoding integrity.
  • It uses gh pr edit --body-file and gh api --input - patterns which are the recommended secure methods for updating GitHub resources without shell expansion risks.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests and processes untrusted text from PR/issue bodies and comments authored by potentially any GitHub user.
  • Ingestion points: PR/issue bodies and comments fetched via gh api and GraphQL in SKILL.md Phase 1.
  • Boundary markers: The skill attempts to sanitize input by stripping fenced code blocks and inline code spans before parsing.
  • Capability inventory: The agent can execute shell commands (grep, test), run CI checks, and launch 'Explore' type subagents to analyze the codebase.
  • Sanitization: The skill uses a regex-based classification system (references/classification-patterns.md) to map items to specific, hardcoded verification recipes, which limits the influence of arbitrary text on command generation. Items that do not match known patterns are relegated to manual 'Human' verification.
  • [SAFE]: The skill implements a robust race condition prevention mechanism in references/checkbox-update-rules.md by verifying the updated_at timestamp of a resource before applying updates, ensuring that manual changes to a PR are not silently overwritten by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 11:53 AM