gh-code-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes `gh auth token` via `child_process.execSync` to retrieve the user's GitHub CLI token. While this command is hardcoded and uses a standard tool, spawning shell processes to access credentials is a sensitive operation. Evidence found in `scripts/github.ts` at lines 23 and 45.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection. It fetches raw source code from public GitHub repositories and passes it to the AI agent for analysis. Maliciously crafted code in those repositories could contain instructions designed to manipulate the agent. Evidence: Ingestion points in `scripts/github.ts` via GitHub REST API; Boundary markers (markdown code blocks and horizontal rules) in `scripts/main.ts` (lines 142-154); Capability inventory shows access to auth tokens but no file-write or non-GitHub network operations; Sanitization includes truncating content to 40 lines.
- EXTERNAL_DOWNLOADS (SAFE): The skill interacts with the GitHub REST API (`api.github.com`) to search and fetch code. This is the primary intended function and uses a trusted source.
- DEPENDENCIES (LOW): The package.json includes an unknown development dependency `uba-eslint-config@latest`. Use of unversioned, non-standard configuration packages can pose a supply chain risk, though it is limited to the development environment.
Audit Metadata