open-source-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl or the gh CLI to interact with the GitHub API to fetch repository metadata. These commands are appropriately scoped and include instructions to use the GITHUB_TOKEN environment variable for authenticated requests to avoid rate limits.
  • [PROMPT_INJECTION]: The skill processes untrusted text from external sources such as GitHub repository READMEs, issue trackers, and pull request descriptions. This creates a surface for indirect prompt injection where a malicious repository could include instructions to influence the agent's report. However, given the skill's restricted capabilities (only generating a report output), this represents a low-risk scenario inherent to the tool's primary function.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 01:27 AM