github-multi-repo

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION · REMOTE_CODE_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash() function to execute a variety of shell commands for repository discovery, cloning, and API interactions via the GitHub CLI (gh). This includes automated git operations and pull request creation.
  • [REMOTE_CODE_EXECUTION]: The coordination logic triggers npm install, npm update, and npm test on repositories cloned from GitHub. This can lead to the execution of arbitrary code defined in the scripts section of a repository's package.json file when tests are run.
  • [EXTERNAL_DOWNLOADS]: The skill downloads code and configuration from external repositories using gh repo clone and git clone. It also uses npx to execute tools like claude-flow directly.
  • [DATA_EXFILTRATION]: Repository metadata, dependency structures, and file contents (e.g., package.json, CLAUDE.md) are read and ingested into the agent's context for analysis and coordination across projects.
  • [PROMPT_INJECTION]: The skill specifically targets and synchronizes CLAUDE.md files, which are often used to provide instructions to AI models. This creates a surface for indirect prompt injection if those files are modified by untrusted contributors.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Repository names, descriptions, and file contents (package.json, CLAUDE.md) are ingested into the execution context via gh api and Bash commands.
      • Boundary markers: No explicit delimiters or boundary markers are used to separate ingested repository content from the skill's internal logic or command assembly.
      • Capability inventory: The skill possesses high-privilege capabilities including file modification, repository creation, and the ability to push code and create PRs across an entire organization.
      • Sanitization: There is no evidence of sanitization or validation of content retrieved from external repositories before it is used in script generation or command execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 10:51 AM