skills/tenequm/claude-skills/gh-cli/Gen Agent Trust Hub

gh-cli

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables extensive use of the gh CLI, providing the agent with capabilities to modify repository settings, manage secrets, and interact with local and remote file systems. High-privilege commands such as gh secret set and gh repo delete are documented and available for use.
  • [REMOTE_CODE_EXECUTION]: The documentation includes instructions for installing GitHub CLI extensions (gh extension install) and triggering GitHub Actions workflows (gh workflow run). These features allow for the execution of remote or dynamically loaded code within the environment.
  • [DATA_EXFILTRATION]: The skill describes how to access and display authentication tokens using gh auth status --show-token. While intended for manual troubleshooting, an agent could be manipulated into exposing these credentials to an external party.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of fetching and analyzing content from external repositories.
      • Ingestion points: Remote file contents, issue descriptions, and pull request data (e.g., in SKILL.md and references/remote-analysis.md).
      • Boundary markers: Absent. The skill does not implement delimiters or warnings to ignore embedded instructions within fetched content.
      • Capability inventory: Access to gh CLI for file system manipulation, network operations, and remote workflow execution.
      • Sanitization: Content is decoded from Base64 and presented to the agent without any validation or filtering.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 12:06 AM