github
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of bash commands involving the GitHub CLI (`gh`), `git`, and `curl` for interacting with the GitHub API and managing repositories.
- [CREDENTIALS_UNSAFE]: The documentation suggests a method to resolve authentication issues by embedding the `GITHUB_TOKEN` directly into the git remote URL (`https://${GITHUB_TOKEN}@github.com/username/repo.git`). While common in automated environments, this practice can result in the token being stored in the `.git/config` file and appearing in process logs or shell history.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to interact with GitHub's official API and repository endpoints. These are neutral operations directed toward a well-known service for the purpose of repository and resource management.
- [REMOTE_CODE_EXECUTION]: The skill is susceptible to indirect prompt injection due to its interaction with untrusted data from external GitHub repositories, pull requests, and issues.
  - Ingestion points: The agent retrieves and processes external content from GitHub using the `gh` CLI and `curl` commands (e.g., reading issue descriptions or workflow runs).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its own system instructions and potentially malicious instructions embedded in the external GitHub data.
  - Capability inventory: The agent has access to a bash shell, git commands with write access (via token), and network capabilities through `curl`.
  - Sanitization: The instructions do not specify any validation or sanitization routines for the data fetched from GitHub before it is processed by the agent.
Audit Metadata