github-automation

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE COMMAND_EXECUTION CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to perform repository management, issue tracking, and pull request automation. This involves shell command execution within the agent environment.
  • [CREDENTIALS_UNSAFE]: The skill requests access to a GH_TOKEN for API authentication. This credential is provided via the vendor's own connection system (vm0.ai) and is used for its documented purpose of interacting with the GitHub API.
  • [DATA_EXFILTRATION]: The skill's network activity targets the official GitHub service and the vendor's infrastructure. These are recognized as well-known or vendor-owned services appropriate for the skill's context.
  • [SAFE]: Indirect Prompt Injection Surface: The skill contains an attack surface for indirect prompt injection by ingesting untrusted data from GitHub. (1) Ingestion points: gh issue view, gh pr view, and gh search code in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Subprocess execution of gh CLI commands. (4) Sanitization: Absent. This risk is inherent to the intended purpose of automating GitHub interactions and does not indicate malicious intent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 05:13 PM