qe-github-project-management

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to dynamically download and execute packages such as claude-flow@alpha and ruv-swarm from the public npm registry. These packages are not from the provided list of trusted vendors.
  • [REMOTE_CODE_EXECUTION]: The extensive use of npx for core functionality (e.g., npx ruv-swarm github board-init) constitutes remote code execution, as the agent fetches and runs code from an external repository at runtime.
  • [COMMAND_EXECUTION]: The skill automates numerous shell-based operations using the GitHub CLI (gh) to modify repository states, manage project boards, and post comments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests untrusted content from GitHub issues and comments.
      • Ingestion points: External data is fetched via gh issue view and gh issue list (e.g., in SKILL.md).
      • Boundary markers: There are no visible delimiters or security instructions used to prevent the agent from obeying commands embedded within the fetched issue body.
      • Capability inventory: The skill has the ability to write to the repository, create/edit issues, and execute further shell commands via npx and gh CLI.
      • Sanitization: No sanitization or filtering is applied to the $ISSUE_DATA or $ISSUE_BODY variables before they are passed into the swarm processing tools.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 27, 2026, 06:09 PM