The Agent Skills Directory

[DATA_EXFILTRATION]: The skill is designed to export session data, including verbatim conversation logs ('Last Turn') and reply snapshots, to GitHub issues. While intended for task persistence, this involves the transfer of potentially sensitive session history to an external service.\n- [PROMPT_INJECTION]: The 'resume' functionality reads operational context such as goals, status, and next steps from GitHub issue content. This creates an indirect prompt injection surface as described by the mandatory evidence chain: 1) Ingestion points: Data enters the agent context via 'gh issue view' in SKILL.md Step 5; 2) Boundary markers: None are specified to distinguish between system instructions and restored context; 3) Capability inventory: The skill has write access to files and external issue commenting; 4) Sanitization: There is no evidence of sanitization or validation of the content read from GitHub before it is used to drive agent behavior.\n- [COMMAND_EXECUTION]: The skill relies on the 'gh' CLI to interact with GitHub. It directs the agent to execute shell commands using identifiers like repository paths and issue IDs provided by the user, which presents a surface for argument injection if the agent does not strictly validate these inputs.

github-checkpoint-persistence