github-pr-publish

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows a "secure-by-default" philosophy. All mutating operations, such as pushing to a remote or creating a pull request, are gated behind a required --yes flag. Without this flag, the scripts only perform a dry run and output the intended actions.
  • [SAFE]: Robust credential sanitization is implemented across all scripts. The collect_publish_context.sh and create_pr.sh scripts use sed to automatically redact Authorization headers, GitHub tokens, and credentialed URLs from any captured output or error logs.
  • [SAFE]: Secure handling of temporary data. The collect_publish_context.sh script creates its output directory using umask 077 and chmod 700, ensuring that collected context information is accessible only to the current user.
  • [SAFE]: The skill prevents common user errors that could lead to security issues or repository clutter, such as pushing to protected branches, creating accidental forks, or pushing from a detached HEAD state.
  • [SAFE]: Indirect Prompt Injection Surface. The skill processes user-supplied data (PR titles and bodies) as inputs to the GitHub API. This is a necessary part of its functionality and is handled safely as data rather than executable code. The mandatory user confirmation for actual PR creation acts as an effective safety boundary.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 07:03 AM