skills/abuxton/skills/github-gist/Gen Agent Trust Hub

github-gist

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documents a dangerous execution pattern in references/search-and-manage.md using the command gh gist view <id> --filename script.sh --raw | bash. This allows arbitrary remote content from a Gist to be executed directly in the host shell without verification.
  • [COMMAND_EXECUTION]: The skill provides instructions for destructive bulk operations in references/search-and-manage.md, such as gh gist list --secret -L 1000 | awk '{print $1}' | xargs -I{} gh gist delete {}. This increases the impact of accidental or malicious commands by facilitating mass deletion of resources.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Gists.
      • Ingestion points: Commands like gh gist view <id> and gh gist list retrieve content from external, user-controlled Gists (found in SKILL.md and references/search-and-manage.md).
      • Boundary markers: There are no markers or delimiters used to separate untrusted Gist content from the agent's internal instructions.
      • Capability inventory: The agent has permissions to create, modify, and delete Gists, as well as execute local shell commands and manage files in /tmp/ (found in SKILL.md and references/workflows.md).
      • Sanitization: The skill lacks logic to validate or sanitize the content retrieved from Gists before it is displayed or used in further operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 03:29 PM