The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/install-skill-from-github.py to execute git commands for cloning and sparse-checkouts. The implementation passes arguments as a list rather than a shell string, which is a best practice that prevents shell command injection.
[EXTERNAL_DOWNLOADS]: The skill fetches content from github.com and codeload.github.com. It validates that URLs belong to the official GitHub domain before initiating downloads. It defaults to fetching curated skills from the trusted openai/skills repository.
[SAFE]: The installation script includes a security check (_safe_extract_zip) that prevents ZipSlip vulnerabilities. It verifies that all files within a downloaded ZIP archive resolve to paths inside the target destination directory, preventing malicious path traversal attacks.
[CREDENTIALS_UNSAFE]: The skill reads GITHUB_TOKEN and GH_TOKEN from the environment to authenticate GitHub API requests. This is a standard mechanism for authorized API access and the tokens are only transmitted to legitimate GitHub endpoints.

skill-installer