skills/fanthus/agent-skills/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the official GitHub CLI (gh) to perform actions like creating pull requests, merging branches, and listing issues. Commands such as gh pr create and gh issue list are used as intended for repository management.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata contains installation instructions for the gh tool via trusted package managers (Homebrew and APT). Since these target official repositories and well-known services, they are considered safe.
  • [PROMPT_INJECTION]: The skill retrieves content from external sources (GitHub issue and PR bodies) which represents an indirect prompt injection surface.
      • Ingestion points: gh pr view and gh issue list in SKILL.md retrieve external text content.
      • Boundary markers: Absent. The skill does not currently use specific delimiters to isolate external data from instructions.
      • Capability inventory: Pull request merging (gh pr merge), issue creation (gh issue create), and CI workflow reruns (gh run rerun) are available in SKILL.md.
      • Sanitization: Absent. External text is processed without explicit filtering or validation.
  • [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were found. The skill maintains the principle of least privilege by using the existing gh authentication context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 01:14 AM