The Agent Skills Directory

[SAFE]: The skill adheres to high security standards and shows no evidence of malicious behavior. All operations are aligned with its stated purpose of providing an interface for the GitHub CLI.
[CREDENTIALS_UNSAFE]: The skill handles authentication securely by consuming caller-injected tokens through environment variables. It explicitly prohibits printing, echoing, or storing the token value in non-ignored files, and correctly utilizes .env files as a standard safe practice for local secret management.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh CLI commands and a local Python script for resolving API endpoints. These executions are legitimate, follow a clear decision rule (CLI-first), and are protected by proper argument handling and environment scoping.
[DATA_EXFILTRATION]: Network operations are restricted to the official github.com domain via the authenticated gh tool. There is no evidence of sensitive data, such as local SSH keys or AWS credentials, being accessed or transmitted to unauthorized external hosts.
[PROMPT_INJECTION]: The skill does not contain instructions that attempt to bypass safety filters or override agent constraints. While it processes data from external repositories, it encourages the use of structured output (--json) and filtering (--jq), which reduces the risk of indirect prompt injection from untrusted API responses.

github-cli-ops