idea-coach

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official GitHub CLI tool (gh) as a prerequisite for its core functionality, as documented in README.md. This is a reference to a well-known tool from a trusted service provider.
  • [COMMAND_EXECUTION]: The script scripts/coach.py executes the gh CLI using subprocess.run. Although it passes arguments as a list—effectively preventing shell injection—it does not sanitize inputs to prevent flag/argument injection. User-provided strings for repository owners or issue labels are used directly as arguments; if these strings begin with a hyphen, they could be interpreted as command-line flags by the gh utility.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8).
      * Ingestion points: Untrusted data is ingested through user-provided idea titles and descriptions via the /idea and /idea_update commands in scripts/coach.py.
      * Boundary markers: No delimiters or instructions to ignore embedded commands are used when this data is interpolated into GitHub issue templates.
      * Capability inventory: The skill can write to external repositories by creating and editing GitHub issues using gh CLI commands in scripts/coach.py.
      * Sanitization: Idea content is placed directly into issue bodies without escaping or validation in scripts/coach.py.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:23 AM