NYC

github

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes the gh CLI to interact with GitHub. It correctly implements the use of --body-file and shell heredocs to handle user-generated markdown, effectively mitigating the risk of command injection through malformed issue descriptions.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data by reading issue content and comments from GitHub. This is a standard risk for integration tools, but the skill lacks high-privilege system access that would allow for significant exploitation.
      • Ingestion points: VIEW_ISSUE.md and LIST_ISSUES.md (commands: gh issue view, gh issue list).
      • Boundary markers: Absent; the agent displays content directly to the user.
      • Capability inventory: gh issue create, gh issue edit, gh issue close, and gh issue comment (all found in respective .md files).
      • Sanitization: Instructions in CREATE_ISSUE.md and UPDATE_ISSUE.md mandate the use of --body-file to prevent the shell from interpreting issue content as code.
  • [Data Exposure] (SAFE): No evidence of hardcoded credentials, API keys, or attempts to access sensitive local files (e.g., SSH keys or AWS credentials) was found. The skill relies on the existing authentication state of the local gh CLI environment.
  • [Dynamic Execution] (SAFE): A Node.js one-liner is used in CREATE_ISSUE.md to retrieve the system's temporary directory and a timestamp. This is a static, non-malicious utility call used for environment configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM