github-multi-repo

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands via Bash blocks to automate repository operations, package management, and system interactions.
      • Evidence: Multiple Bash invocations in SKILL.md execute commands for listing repositories (gh repo list), cloning code, and performing file operations like cat, grep, and jq on repository data.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of code downloaded from external sources through standard package management and testing commands.
      • Evidence: SKILL.md contains shell logic that clones repositories and immediately executes npm update, npm install, and npm test. This allows code from the targeted repositories to run in the local environment.
  • [EXTERNAL_DOWNLOADS]: The skill automates the retrieval of source code and documentation from remote GitHub repositories.
      • Evidence: Uses gh repo clone and gh api calls throughout SKILL.md to download repository contents into the /tmp/ directory for processing.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external repositories which could influence the agent's behavior.
      • Ingestion points: Reads package.json, CLAUDE.md, and repository metadata (topics, descriptions) from external GitHub repositories.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when reading external file content.
      • Capability inventory: The skill has high privileges, including shell execution (Bash), file system writes, and network operations via the GitHub CLI.
      • Sanitization: There is no evidence of sanitization or filtering for the content retrieved from external documentation or package files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 07:18 AM