PR + Commit Workflow
Use this skill when creating commits or pull requests. It enforces a human-written PR structure, intent capture, and evidence in agentic workflows.
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
  Uses git locally and references GitHub PR updates via `gh pr edit --body-file`.
- Data access: Sensitive
  Operates on source code diffs and PR metadata, which may include private implementation details and incident context.
- Action surface: Write
  Produces commits and creates/updates pull request descriptions in a remote repository.
Best practices
Follow these steps to reduce risk when using this skill.
- Do not include secrets, tokens, or private customer data in commit messages, PR titles, or PR bodies.
- Review `scripts/build_pr_body.sh` output before publishing to ensure it doesn't leak local paths, hostnames, or internal context.
- Use a least-privileged GitHub token for `gh` and prefer scoped repo access over broad org permissions.
Evidence links
Public sources backing the indicator assignments.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.