The Agent Skills Directory

[PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to read and process content from GitHub issues, comments, and projects, which are external and untrusted data sources.
Ingestion points: Data enters the agent context via mcp__github__issue_read, mcp__github__list_issues, mcp__github__search_issues, and project-related tools described in SKILL.md and references/projects.md.
Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the fetched GitHub content.
Capability inventory: The skill has the capability to execute shell commands via the gh CLI (REST and GraphQL) to modify repository data, and it suggests using puppeteer-core for local browser-based tasks (as seen in references/images.md).
Sanitization: There is no evidence of sanitization or validation of the content retrieved from GitHub before it is used to influence the agent's next steps.
[COMMAND_EXECUTION]: The skill heavily relies on the GitHub CLI (gh) for write operations such as creating and updating issues, which involves executing shell commands. This is the primary and intended method of operation for the skill.

github-issues