gh

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official GitHub CLI (gh) binary and release metadata from the cli/cli repository on GitHub. This is a trusted source and the process follows secure implementation practices.
  • [REMOTE_CODE_EXECUTION]: The skill executes the downloaded gh binary to perform GitHub operations. The installation script includes a security check that verifies the binary's SHA256 checksum against the official release manifest before use.
  • [COMMAND_EXECUTION]: Uses the subprocess module to interact with system tools and the gh CLI. All subprocess calls are implemented using list-based arguments, which prevents shell injection vulnerabilities.
  • [CREDENTIALS_UNSAFE]: Authentication is managed via the standard GITHUB_TOKEN environment variable. The skill does not contain hardcoded credentials, nor does it store secrets insecurely.
  • [DATA_EXFILTRATION]: Network requests are limited to official GitHub API endpoints and release assets required for the skill's functionality.
  • [PROMPT_INJECTION]: Analyzed the attack surface for indirect prompt injection via external data.
      • Ingestion points: Retrieves GitHub issue titles, bodies, and label names in scripts/github_project_setup.py and SKILL.md.
      • Boundary markers: Absent; the skill does not use specific delimiters to separate untrusted API data from agent instructions.
      • Capability inventory: Includes the ability to create and modify issues, PRs, and labels using the gh CLI and PyGithub.
      • Sanitization: Absent; content retrieved from the GitHub API is processed without explicit sanitization for embedded instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 12:17 AM