pr-walkthrough

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the D3.js library from jsdelivr, a well-known CDN. The reference is correctly pinned to version 7.9.0 to ensure integrity and prevent supply-chain attacks.
  • [COMMAND_EXECUTION]: The skill executes local shell commands including gh (GitHub CLI) and git to collect pull request metadata, diffs, and logs. It also executes local Python scripts (d3_canvas_runtime.py and validate_d3_canvas.py) to generate and verify the walkthrough site.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external sources.
      • Ingestion points: Pull request bodies, comments, review threads, and documentation files (e.g., PRODUCT.md) are retrieved via gh pr view and gh api in SKILL.md.
      • Boundary markers: The instructions do not define specific delimiters for untrusted data when processing it for visualization.
      • Capability inventory: The agent can perform file system writes and execute shell commands via subprocesses.
      • Sanitization: The scripts/d3_canvas_runtime.py script includes an escapeHtml function used during the rendering of the detail panel to prevent cross-site scripting (XSS) when displaying external data. It also correctly escapes JSON strings within script tags to prevent injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 02:00 AM