techguide

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill executes a command sequence that retrieves an active GitHub authentication token and stores it in plain text on the local filesystem.
      • Evidence: Phase 3 contains the command echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" > ~/.git-credentials.
  • [DATA_EXFILTRATION]: The skill writes sensitive credentials to a known sensitive file path (~/.git-credentials), which constitutes unauthorized, persistent exposure of authentication secrets.
      • Evidence: The use of git config --global credential.helper store, combined with writing the token directly into the home directory, ensures the credential persists beyond the session.
  • [COMMAND_EXECUTION]: The skill runs shell commands that modify the user's global Git configuration and perform network operations.
      • Evidence: Use of git config and git push commands in Phase 3.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external data and incorporates it into the agent's context and final output.
      • Ingestion points: The skill reads styles/{name}.html (where {name} is a user-supplied argument) and aggregates content from WebSearch and context7 MCP documentation queries in Phase 1.
      • Boundary markers: Absent. No instructions or delimiters prevent the agent from executing commands that might be embedded in the researched documentation or style files.
      • Capability inventory: The skill can modify local files via the Edit tool and push changes to remote repositories via git push.
      • Sanitization: Absent. Content retrieved from the web or documentation tools is passed directly to subagents to be formatted into the final HTML guide.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 7, 2026, 05:58 AM