orchestrating-github-workflow

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The subagents/preflight-checker-manifest.md file identifies several required skills that must be installed from external, unverified GitHub repositories. These include repositories from users such as obra, antfu, softaworks, blader, sickn33, and wshobson. These dependencies are executed during the workflow and are not part of the established trusted vendor list.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing content from external GitHub issues. Evidence: (1) Ingestion point: fetching-github-issue (Phase 1) reads issue descriptions and comments. (2) Boundary markers: No specific delimiters or 'ignore instructions' guards are implemented in the orchestrator. (3) Capability inventory: executing-github-task (Phase 7) has the ability to modify the local codebase and interact with the GitHub API. (4) Sanitization: The orchestrator lacks explicit sanitization of the fetched issue content before passing it to planning subagents.
  • [COMMAND_EXECUTION]: Several components within the skill utilize system-level commands to operate. subagents/issue-status-checker.md and subagents/preflight-checker.md invoke the gh (GitHub CLI) for issue management and authentication checks, while subagents/codebase-inspector.md executes git commands to analyze repository state and history.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 01:30 AM