The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes gh (GitHub CLI) and jq via subprocesses to fetch and filter discussion data. The Python implementation uses argument lists with subprocess.run, and the shell script properly quotes variables, which prevents shell command injection vulnerabilities.
[PROMPT_INJECTION]: The skill retrieves untrusted content from GitHub discussions (titles and bodies) which could contain malicious instructions. This represents an indirect prompt injection surface. This is a common characteristic of tools designed to process external content and does not indicate malicious intent by the author.

github-discussion-query