github-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official GitHub REST OpenAPI specification from the GitHub organization's public repository (raw.githubusercontent.com/github/rest-api-description). This is a well-known and trusted source used for legitimate tool configuration.
  • [COMMAND_EXECUTION]: The skill uses the uxc and gh command-line utilities. These tools are intended for API interaction and authentication management respectively, aligning with the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding secrets. It provides instructions to import credentials directly from the authenticated GitHub CLI or use environment variables, and it includes a clear warning against committing tokens to the repository.
  • [DATA_EXFILTRATION]: Network operations are directed strictly to the official GitHub API endpoint (api.github.com). There are no indications of data being sent to unauthorized or suspicious third-party domains.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and processes external data from GitHub (such as issue bodies or pull request descriptions) which could contain adversarial instructions.
      • Ingestion points: External data enters the agent context via API read operations like get:/repos/{owner}/{repo}/issues.
      • Boundary markers: None explicitly defined in the skill instructions to separate tool output from agent instructions.
      • Capability inventory: The skill possesses the capability to perform mutations (writes) via the github-openapi-cli alias (e.g., creating issues or comments).
      • Sanitization: No explicit sanitization or filtering of API response data is implemented in the provided scripts.
      • Mitigation: To counter this, the skill includes a critical guardrail requiring explicit user confirmation before executing any high-risk write operations, which provides a human-in-the-loop safety checkpoint.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 01:41 AM