copilot-spaces

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data ingested from external "Copilot Spaces".
  • Ingestion points: The mcp__github__get_copilot_space tool retrieves the full context of a space, including documentation, code, and "custom instructions", from remote repositories or shared collections (SKILL.md).
  • Boundary markers: No explicit boundary markers or isolation protocols are identified. The skill documentation explicitly instructs the agent to "treat these [space content] as directives, not suggestions," which significantly increases the risk that malicious instructions embedded in a space will be executed by the agent.
  • Capability inventory: The skill possesses significant capabilities, including the ability to perform write operations (create, update, delete) on GitHub resources via gh api and to access external repositories and issues through other MCP tools.
  • Sanitization: No sanitization, escaping, or validation of the ingested space content or instructions is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the gh api command-line tool to perform management tasks. It instructs users to grant the GitHub CLI broader permissions with gh auth refresh -h github.com -s user so that write operations such as creating or deleting spaces can be performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:10 PM