pr-human-guide

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [SAFE]: PR numbers provided as arguments are strictly validated against a numeric regex (^[1-9][0-9]{0,5}$) before being used in shell commands, preventing command injection.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted pull request data (titles, bodies, and diffs), which presents an indirect prompt injection surface.
  • Ingestion points: PR metadata and diff content are retrieved via GitHub CLI commands (gh pr view, gh pr diff).
  • Boundary markers: All PR-derived content is wrapped in <untrusted_pr_content> tags with explicit instructions for the AI to ignore any embedded instructions.
  • Capability inventory: The skill possesses the capability to modify the pull request's description using the gh pr edit command.
  • Sanitization: In addition to argument validation, the skill uses temporary files and the --body-file flag to update the PR description, ensuring that markers are not corrupted by shell processing.
  • [SAFE]: The helper script marker-helper.py builds the markers from character codes to avoid accidental interaction with shell history expansion, and strips stray markers so that replacement boundaries cannot be confused.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 09:33 PM