gitload
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends executing code via 'npx gitload-cli'. This pattern involves downloading and running a package from the NPM registry at runtime. As the package is not from a predefined trusted vendor, this represents a risk of executing unverified external code.
- [EXTERNAL_DOWNLOADS]: The skill is designed to download repositories, folders, and files from GitHub. While GitHub is a well-known service, the skill facilitates the entry of arbitrary external data into the environment.
- [COMMAND_EXECUTION]: The skill instructions result in the execution of various shell commands, including 'npx', 'npm install', 'gitload', and 'export', which interact with the network and local file system.
- [CREDENTIALS_UNSAFE]: The documentation provides examples of passing sensitive GitHub Personal Access Tokens (PATs) as plain-text command-line arguments (e.g., '--token ghp_xxxx'). This is an insecure practice that can leak credentials through shell history, process listings, or logs.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it ingests untrusted data from external repositories.
  - Ingestion points: GitHub repository contents (files and folders) downloaded via the gitload tool.
  - Boundary markers: No protective delimiters or 'ignore' instructions are provided for the downloaded content.
  - Capability inventory: The agent has the ability to execute shell commands and modify the local file system based on instructions.
  - Sanitization: There are no instructions or mechanisms for the agent to sanitize or validate the content of the downloaded files before processing them.
Audit Metadata