The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data from external GitHub repositories, which constitutes an indirect prompt injection surface.
Ingestion points: README content and commit messages are retrieved via gh api in SKILL.md (Step 2).
Boundary markers: The prompt instructions lack delimiters or specific directives to the model to ignore potential instructions embedded within the repository content.
Capability inventory: The skill reads file structures, decodes content, and is intended to trigger other social media posting skills.
Sanitization: No sanitization or content validation is performed on the data fetched from GitHub before it is processed by the LLM.
[COMMAND_EXECUTION]: The skill uses standard GitHub CLI (gh api) and system utility (base64) commands to manage its workflow. These operations are consistent with the skill's primary purpose and do not involve unauthorized privilege escalation or persistence mechanisms.

ship-digest