implementing-github-advanced-security-for-code-scanning

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run to interact with the GitHub CLI (gh). The command is passed as a list of arguments rather than as a shell string, so no shell ever parses the arguments and shell command injection through user-controlled values is not possible.
  • [CREDENTIALS_UNSAFE]: The script scripts/process.py authenticates by reading GITHUB_TOKEN from the environment. This matches standard practice for supplying credentials to automation scripts without hardcoding them in the source code.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference official GitHub domains and well-known standards sites. These are trusted sources for security documentation and tools.
  • [SAFE]: The skill performs the intended administrative and reporting tasks for GitHub security features; no unauthorized data access or exfiltration patterns were detected. All network operations target well-known official GitHub API endpoints.
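The two findings above about argument lists and environment-sourced tokens are easier to reason about with a side-by-side demonstration. The following is an added example written for this page; it is not code from the audited skill. It builds a `gh api` argv list for the code-scanning alerts endpoint with a validated repository slug, reads the token from an injectable environment mapping so it can be tested without touching the real environment, and then shows the same attacker-controlled argument passed once as a list and once as a shell string. The `gh` binary is never executed; a Python one-liner stands in for it so the block runs offline. All function names, the regex and the payload are assumptions of this example.

```python
import os
import re
import shlex
import subprocess
import sys

# Hypothetical slug check for this example: owner/name, no shell metacharacters.
REPO_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")


def build_gh_command(repo: str, endpoint: str = "code-scanning/alerts") -> list:
    """Return the argv list for `gh api repos/<repo>/<endpoint>`.

    The list form is what keeps the shell out of the picture; the slug check
    is defence in depth so a malformed value fails here instead of at the API.
    """
    if not REPO_RE.match(repo):
        raise ValueError(f"invalid repository slug: {repo!r}")
    return ["gh", "api", f"repos/{repo}/{endpoint}"]


def github_token(env=None) -> str:
    """Read GITHUB_TOKEN from env (default: the process environment).

    Fails loudly when unset rather than falling back to a hardcoded value,
    and never echoes the token in the error message.
    """
    env = os.environ if env is None else env
    token = env.get("GITHUB_TOKEN")
    if not token:
        raise RuntimeError("GITHUB_TOKEN is not set")
    return token


# Stand-in for the CLI: prints its first argument back, so the output shows
# exactly what the child process received as argv[1].
_ECHO_ARG = "import sys; print(sys.argv[1])"


def run_as_list(user_arg: str) -> str:
    """Argument list: the payload arrives as one literal argv entry."""
    argv = [sys.executable, "-c", _ECHO_ARG, user_arg]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def run_as_shell_string(user_arg: str) -> str:
    """Shell string: /bin/sh parses the payload, so `;` starts a new command."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(_ECHO_ARG)} {user_arg}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed payload: harmless, but it shows whether the shell saw it.
    payload = "x; echo INJECTED"
    print("list form   :", repr(run_as_list(payload)))
    print("shell string:", repr(run_as_shell_string(payload)))
    print("argv        :", build_gh_command("octo/repo"))
```

With the constructed payload, the list form returns the whole string `x; echo INJECTED` as a single argument, while the shell-string form prints `x` and then `INJECTED` on a second line because the shell executed the `echo`. That difference is precisely what the [COMMAND_EXECUTION] finding relies on; the slug regex only adds a second layer in case a later refactor ever reintroduces a shell.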
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 06:26 PM