gh-cli
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates reading external data from GitHub (issues, PRs, comments) which may contain malicious instructions designed to influence the agent.
  1. Ingestion points: gh pr list, gh issue view, and gh pr view in SKILL.md.
  2. Boundary markers: Absent; instructions do not specify delimiters for external content.
  3. Capability inventory: The skill allows creating issues, PRs, and releases, providing a write-back capability.
  4. Sanitization: No explicit sanitization of fetched GitHub content is mentioned.
- External Downloads (SAFE): The documentation contains a command to download a GPG key for the GitHub CLI package. Evidence: curl https://cli.github.com/packages.key in references/gh-guide.md. Per [TRUST-SCOPE-RULE], GitHub is a trusted organization, and the download is for a legitimate utility key.
- Command Execution (SAFE): The skill includes shell scripts (scripts/gh-helper.sh, scripts/release-manager.sh) that use the gh CLI for repository maintenance. These scripts perform standard administrative functions and do not contain obfuscated or harmful code.
Audit Metadata