github-operations

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies heavily on the mcporter CLI tool to interact with GitHub. It provides patterns for constructing shell commands with variable interpolation (e.g., using jq to extract a COMMIT_SHA from a tool response and passing it into a subsequent mcporter call). While standard for this workflow, assembling a command string from data fetched from an external source is an injection vector: a value such as a commit SHA or branch name that comes from API output is attacker-influenced, and unless it is validated against its expected format before use, shell metacharacters in it will be interpreted when the assembled command is run.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read and process untrusted data from an external source (GitHub Pull Request bodies, Issues, and comments), any of which may contain text crafted to look like instructions.
  • Ingestion points: SKILL.md (via tools like get_pull_request, list_issues, search_code, and list_notifications).
  • Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore instructions embedded in the retrieved GitHub data.
  • Capability inventory: The agent has the capability to write to GitHub (merge PRs, create issues, post comments), access the network via mcporter, and perform local git/file operations through the referenced git-delegation skill.
  • Sanitization: Absent. There is no evidence of filtering or sanitizing the content retrieved from GitHub before it is processed or used in subsequent commands.
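The following shell script is an added illustration of the COMMAND_EXECUTION and Sanitization findings above; it is not code from the skill or from mcporter. The JSON responses are constructed, the `sha` field is extracted with `sed` rather than jq so the script runs without extra tools, and the mcporter invocation is stood in for by `echo tool --sha=...`, since the skill's actual command line is not reproduced on this page. The unsafe function hands the interpolated string to `sh -c`, as string-assembled commands effectively do; the safe function validates the value against the only shape a git object id can have and then passes it as a single argument.

```shell
#!/bin/sh
# Added example (not the skill's code): validating an externally fetched value
# before it is spliced into a command.

# Constructed sample responses. The second one stands in for a field that an
# attacker controls (e.g. via a PR comment or a malicious branch).
TRUSTED_RESPONSE='{"sha":"0123456789abcdef0123456789abcdef01234567"}'
HOSTILE_RESPONSE='{"sha":"abc; echo INJECTED"}'

# Pull the "sha" field out of a JSON string (jq -r .sha is the usual tool).
extract_sha() {
  printf '%s\n' "$1" | sed -n 's/.*"sha":"\([^"]*\)".*/\1/p'
}

# Accept only a full 40-character lowercase hex git object id; reject anything
# else, including the empty string.
is_valid_sha() {
  case "$1" in
    *[!0-9a-f]*|"") return 1 ;;
  esac
  [ ${#1} -eq 40 ]
}

# Print the validated SHA (exit 0) or refuse (exit 1).
safe_commit_sha() {
  sha=$(extract_sha "$1")
  if is_valid_sha "$sha"; then
    printf '%s\n' "$sha"
  else
    printf 'refusing to use untrusted value: %s\n' "$sha" >&2
    return 1
  fi
}

# UNSAFE pattern: the fetched value is interpolated into a command string that a
# shell re-parses, so "; echo INJECTED" runs as a second command.
run_unsafe() {
  sh -c "echo tool --sha=$1"
}

# SAFE pattern: validate first, then pass the value as one discrete argument
# (no shell re-parses it; "$sha" cannot split or inject).
run_safe() {
  sha=$(safe_commit_sha "$1") || return 1
  echo tool --sha="$sha"
}

# Usage:
#   run_safe "$TRUSTED_RESPONSE"   -> tool --sha=0123456789abcdef0123456789abcdef01234567
#   run_safe "$HOSTILE_RESPONSE"   -> refuses, exit 1
#   run_unsafe "$(extract_sha "$HOSTILE_RESPONSE")"  -> prints INJECTED
```

The check is deliberately an allow-list on the value's format rather than an attempt to strip dangerous characters; for other interpolated fields (branch names, usernames, issue titles) the same approach applies with the matching allow-list, and a value that does not fit is a reason to stop, not to clean up.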
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 08:12 AM