github-activity

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script executes shell commands including gh, jq, and date to interact with the GitHub API and manage local cache files.
      • Evidence: Uses gh api and gh api graphql for data retrieval in scripts/github-activity.sh.
      • Evidence: Uses jq for JSON manipulation and data extraction.
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external source (GitHub), creating a surface for indirect prompt injection.
      • Ingestion points: Fetches PR titles, issue summaries, and repository names via the GitHub Search and GraphQL APIs.
      • Boundary markers: No boundary markers or ignore instructions are included in the generated JSON cache files.
      • Capability inventory: The skill itself uses gh, jq, and file system writes, but the primary risk is for downstream agents reading the cache.
      • Sanitization: No sanitization or escaping of the fetched GitHub content is performed before storage.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 01:51 PM