The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the user to fork an external, unverified repository (https://github.com/maanimis/github-sandbox). This repository contains the GitHub Actions workflow logic that performs the core functionality of the skill.
[REMOTE_CODE_EXECUTION]: By instructing users to fork the repository and enable 'Read and write permissions' for GitHub Actions, the skill facilitates the execution of remote code originating from a third-party source within the user's GitHub environment.
[COMMAND_EXECUTION]: The functionality relies on parsing user-supplied commit messages to execute shell commands (e.g., curl or wget). This creates a surface for command injection if the workflow in the source repository does not strictly sanitize the URLs before passing them to the shell.
[INDIRECT_PROMPT_INJECTION]: The skill acts as a processing surface for untrusted data (URLs provided in commit messages).
Ingestion points: Commit messages in the forked repository (specifically the subject line).
Boundary markers: The download: and download-zip: command prefixes.
Capability inventory: Subprocess calls (curl/wget) and file system writes (git commit) within the GitHub Actions runner.
Sanitization: No sanitization is mentioned or enforced within the instructions; safety depends entirely on the implementation of the external repository.

github-sandbox-file-downloader