gh-aw-operations

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides instructional content and implementation patterns for the GitHub Agentic Workflows framework, focusing on secure configuration and operational management.
  • [EXTERNAL_DOWNLOADS]: References official container images from trusted organizations such as Microsoft and HashiCorp for MCP server integration, and uses imports from the author's own verified GitHub repositories.
  • [CREDENTIALS_UNSAFE]: Explicitly instructs against hardcoding credentials, directing users to supply them through GitHub Secrets as environment variables, in line with security best practice.
  • [PROMPT_INJECTION]: Identifies the surface for indirect prompt injection through GitHub event data such as issue comments and pull request bodies, and provides specific mitigations in the 'Security Best Practices' section, including strict input validation using choice types and minimizing tool capabilities.
  • Ingestion points: Workflows are triggered by 'issues' and 'pull_request' events (SKILL.md).
  • Boundary markers: The framework relies on a structured 'Safe Output' model to control write operations rather than on explicit delimiters around untrusted input in the instructions, so such delimiters are not required.
  • Capability inventory: Workflows include access to bash execution, file editing, and GitHub API toolsets (SKILL.md).
  • Sanitization: Instructions recommend validating inputs using restricted options (Choice type) and limiting labels.
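The mitigations the audit credits (restricted inputs, least-privilege permissions, secrets instead of hardcoded credentials, and a bounded label set) as one added configuration example. This is not the audited skill's own content or code from the gh-aw project. The `workflow_dispatch` choice input, `permissions`, `env` and `${{ secrets.* }}` syntax are standard GitHub Actions; the `engine`, `tools` and `safe-outputs` frontmatter keys, the secret name and the label names are assumptions about gh-aw frontmatter made for illustration.

```yaml
---
# Added example of a gh-aw workflow frontmatter (assumed layout, not the
# audited skill's own file). The markdown body below the frontmatter would
# carry the agent instructions.

# Weak pattern, shown for contrast and not to be used: a free-form string
# input is an injection channel, because whatever the caller types reaches
# the agent verbatim.
#   inputs:
#     action:
#       type: string

on:
  issues:
    types: [opened, labeled]
  workflow_dispatch:
    inputs:
      action:
        description: Triage action to perform
        type: choice            # restricted options, the audit's 'Choice type' mitigation
        options: [triage, summarize]
        default: triage

# Least privilege: the job token is read-only; any write must go through
# the safe-output model below instead of direct API calls.
permissions:
  contents: read
  issues: read
  pull-requests: read

# Assumed gh-aw keys: engine selection and a minimal tool inventory.
engine: copilot
tools:
  github:
    toolsets: [default]

# Assumed gh-aw 'safe-outputs' block: the only write the agent can perform
# is adding labels, only from this allow-list, and at most two per run.
safe-outputs:
  add-labels:
    allowed: [bug, enhancement, needs-triage]
    max: 2

# Credentials are injected from GitHub Secrets, never written into the
# workflow text. EXAMPLE_API_TOKEN is an assumed secret name.
env:
  EXAMPLE_API_TOKEN: ${{ secrets.EXAMPLE_API_TOKEN }}
---
```

The two properties worth checking in any real workflow built this way are that no `write` scope appears under `permissions` (the safe-output layer should be the only write path) and that every label the agent could emit is present in the `allowed` list, so an injected instruction such as "add the label `approved`" has no effect.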
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 04:34 AM