The Agent Skills Directory

[Unverifiable Dependencies] (MEDIUM): The file references/issue-management.md suggests installing a third-party extension yahsan2/gh-sub-issue. This is an untrusted source outside the approved organizations list, and the extension code is not verified.
[Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon data from GitHub that could be controlled by an attacker. 1. Ingestion points: Content is pulled from GitHub via gh issue list, gh pr view, and gh api in examples/automation-scripts.md and references/issue-management.md. 2. Boundary markers: Absent. There are no instructions to the agent to treat external text as untrusted data or to ignore instructions embedded within issues or PRs. 3. Capability inventory: The skill possesses significant write capabilities, including editing issues, merging PRs, and executing GraphQL mutations via gh api graphql. 4. Sanitization: Absent. The automation logic, such as matching commit messages to sub-tasks in rules/issue-tracking-automation.md, directly processes and uses content from GitHub without validation.

github-operations