The Agent Skills Directory

[PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests git branch names, commit messages, and repository diffs to generate PR titles, summaries, and playground descriptions.
Ingestion points: Repository metadata, commit history, and code diffs are read during the context gathering phase in SKILL.md.
Boundary markers: The skill employs HEREDOC delimiters (EOF) when passing generated content to the gh CLI, which provides some isolation between the untrusted data and the shell command.
Capability inventory: The skill uses Bash for git operations and the Skill tool to invoke external plugins.
Sanitization: Basic sanitization is performed on branch names (replacing slashes with double hyphens) before they are used in file system paths.
[EXTERNAL_DOWNLOADS]: The skill references and recommends the installation of the playground plugin from Anthropic's official GitHub organization (anthropics/claude-plugins-official). This is a trusted source used for generating interactive PR previews.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard development commands including git, gh (GitHub CLI), and project-specific linters/test runners. These operations are restricted to the local repository context and are necessary for the skill's primary function of PR automation.

create-pr