The Agent Skills Directory

[DATA_EXFILTRATION]: The skill includes commands that access sensitive local file paths such as SSH public keys (~/.ssh/id_ed25519.pub) to upload them to GitHub. While GitHub is a well-known service, accessing these paths involves handling identity-related data.
[REMOTE_CODE_EXECUTION]: Facilitates the installation and execution of GitHub CLI extensions from arbitrary third-party sources using the gh extension install command, allowing for external code execution.
[COMMAND_EXECUTION]: Provides access to high-impact operations including the deletion of repositories using the --yes flag to bypass user confirmation, as well as modifications to local configuration and aliases.
[CREDENTIALS_UNSAFE]: References the display of active authentication tokens via gh auth token and demonstrates the use of authentication token overrides in environment variables (GH_TOKEN=xxx).
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect instructions. Ingestion points: reads external content through gh pr view --comments, gh issue view --comments, and gh run view --log. Boundary markers: no delimiters or isolation instructions are provided for external content. Capability inventory: the skill allows repository deletion, extension installation, and SSH key management. Sanitization: there is no evidence of sanitization or filtering of external content before processing.

gh-complete