The Agent Skills Directory

[DATA_EXFILTRATION]: The skill suggests setting GIT_SSL_NO_VERIFY=1 when running in sandbox environments. Disabling SSL/TLS certificate verification allows network traffic to be intercepted or modified by a Man-in-the-Middle (MitM) attacker, which could lead to the exposure of GitHub project data or authentication tokens.
[COMMAND_EXECUTION]: The skill relies on executing shell commands via the GitHub CLI (gh project) to retrieve project metadata, item lists, and field definitions.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content from GitHub project items. Ingestion points: Data retrieved from gh project item-list (item titles, descriptions). Boundary markers: Absent; the instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded in the project data. Capability inventory: The skill has the ability to execute shell commands. Sanitization: Absent; the skill processes external data and interpolates it into the final report without validation or escaping.

project-view-status