The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface. The skill is designed to ingest data from external sources and has significant write/execute capabilities.
Ingestion points: Commands like x gh issue, x gh pr, and x gl mr read content (titles, descriptions, comments) from external platforms.
Boundary markers: None. There are no instructions provided to the agent to distinguish between its own system instructions and the content of the issues or PRs it processes.
Capability inventory: The skill can perform high-impact operations including repo clone, pr create, action workflow (managing CI/CD), and githook apply (modifying local git behavior).
Sanitization: None. External content is likely processed directly by the agent's logic.
[CREDENTIALS_UNSAFE] (HIGH): The documentation instructs users to configure authentication by passing sensitive API tokens directly as command-line arguments (e.g., x gh --cfg token=<github-token>). This practice exposes secrets to the system's shell history and process list (ps), making them accessible to other users or malicious processes on the same machine.
[COMMAND_EXECUTION] (MEDIUM): The x githook apply command allows for the modification of Git hooks. If an attacker can influence the configuration file processed by this command (via a malicious PR or repository content), they could achieve local code execution when Git actions are triggered.

x-cmd-git