milestone-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to execute GitHub CLI (gh) commands and jq for data parsing. All identified commands are standard repository management operations and do not include unauthorized file access, privilege escalation, or suspicious network activities beyond GitHub API interaction.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) due to the ingestion and processing of data from an external source (GitHub).
  1. Ingestion points: Data enters the agent context via 'gh api' and 'gh issue list' commands that retrieve milestone and issue titles, descriptions, and metadata.
  2. Boundary markers: The skill does not utilize delimiters or specific instructions to isolate or ignore instructions embedded within the ingested GitHub content.
  3. Capability inventory: The skill has write access to the repository (creating/modifying milestones and issues) and can execute logic based on retrieved content.
  4. Sanitization: While jq is used for structural parsing, the raw text content is not sanitized or escaped before being presented to the agent, which could allow malicious instructions in issue titles or descriptions to influence agent behavior.