github-workflows

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches documentation, syntax guides, and versioning data from well-known and trusted sources, including docs.github.com, nodejs.org, and official GitHub repositories.
  • [COMMAND_EXECUTION]: The github_project_setup.py script executes the GitHub CLI (gh) using subprocess.run. The implementation uses argument lists rather than shell strings, which is a standard security practice to prevent shell injection vulnerabilities.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from GitHub (such as issue titles, PR descriptions, and workflow logs) which presents a theoretical surface for indirect prompt injection. However, the risk is mitigated by the use of structured API libraries (PyGithub) rather than raw shell concatenation for most operations.
      • Ingestion points: GitHub issue and PR content in github_project_setup.py; workflow run logs in ci_monitor.cjs.
      • Boundary markers: Absent. The skill does not explicitly delimit external content within its internal processing logic.
      • Capability inventory: File system access for script execution, subprocess execution of the gh CLI, and write access to GitHub resources (issues, labels, milestones).
      • Sanitization: Absent. External content is passed directly to the PyGithub and gh CLI wrappers.
  • [DYNAMIC_EXECUTION]: The test suite test_github_project_setup.py utilizes importlib.util and exec_module to dynamically load and test the project management script. This is a common pattern in automated testing and does not indicate malicious intent in this context.
  • [DATA_EXFILTRATION]: While the skill communicates with github.com using GITHUB_TOKEN, these operations are confined to the intended purpose of managing repository resources and do not target non-whitelisted or suspicious domains.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:10 PM