The Agent Skills Directory

[COMMAND_EXECUTION]: The script uses subprocess.run to execute the well-known GitHub CLI tool (gh auth token) to resolve authentication credentials from the local environment.
[DATA_EXFILTRATION]: The skill accesses sensitive environment variables GITHUB_TOKEN and GH_TOKEN to provide authorization for requests to the GitHub API.
[PROMPT_INJECTION]: The skill processes untrusted user-generated content from GitHub, such as PR titles and commit messages, and interpolates them into a Markdown report, creating a surface for indirect prompt injection. 1. Ingestion points: Data fetched from GitHub Search and Detail APIs via scripts/github_contribution_report.py. 2. Boundary markers: The script uses basic escaping (md_escape) for Markdown table delimiters but does not employ explicit boundary markers or warnings to isolate untrusted content from the AI agent. 3. Capability inventory: The skill can write the generated report to a user-specified file path or print it to stdout. 4. Sanitization: The md_escape function provides minimal sanitization by escaping pipe characters and collapsing whitespace in PR titles and commit messages.

github-contribution-period-analysis