The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its integration with external GitHub data. Ingestion points: The skill utilizes commands to retrieve external data such as 'gh issue view', 'gh pr view', and 'gh run view --log' (SKILL.md). Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between internal instructions and content retrieved from GitHub. Capability inventory: The skill enables high-privilege operations including 'gh pr merge' for merging code, 'gh workflow run' for triggering CI/CD pipelines, and 'gh api' for making arbitrary authenticated requests (SKILL.md). Sanitization: There are no instructions for sanitizing or validating the data fetched from GitHub before it is processed or used in further commands.
[COMMAND_EXECUTION]: The skill facilitates the execution of terminal commands using the GitHub CLI (gh) and git. While these are legitimate tools for the skill's purpose, they grant the agent control over the user's GitHub resources and local repository state.

github