add-bot

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH

COMMAND_EXECUTION
Full Analysis
  • [Command Execution] (HIGH): The skill executes several GitHub CLI (gh) commands that perform state-changing operations on repositories and the local environment. Specifically, it uses gh api to modify repository collaborator permissions.
  • [Privilege Escalation] (HIGH): The primary function of the skill is to grant push permissions to a third-party account (seabbs-bot). This represents a persistent privilege escalation vector; if an agent is tricked into running this on a sensitive repository, an external entity gains write access to the codebase.
  • [Identity Manipulation] (HIGH): The skill uses gh auth switch to change the active GitHub user. This is a dangerous pattern for AI skills as it manipulates the security context of the host environment. If the execution fails before the final step, the environment remains logged into a different account, leading to unauthorized actions or identity confusion.
  • [Indirect Prompt Injection] (HIGH): Mandatory Evidence Chain:
      • Ingestion points: The repo argument is parsed from user input or environment context.
      • Boundary markers: None. The repository name is interpolated directly into API paths.
      • Capability inventory: gh api ... -X PUT (File modification/Write access via Git).
      • Sanitization: None detected. An attacker providing a malicious repository string or influencing the agent to target a specific repository can achieve unauthorized persistent access for their bot.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:57 PM