setup-leandrocfe-skills
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `git remote -v` and reads `.git/config` to discover the repository's origin (GitHub or GitLab). This is a standard discovery process used to tailor the configuration to the project's environment.
- [COMMAND_EXECUTION]: The skill provides templates for using official command-line interfaces, specifically `gh` (GitHub CLI) and `glab` (GitLab CLI), to manage issues and notes. These are well-known developer tools and their usage here is consistent with the skill's stated purpose of issue tracker integration.
- [DATA_EXPOSURE]: Accessing repository metadata like remote URLs and branch configurations is part of the skill's setup process. No sensitive credentials (API keys, tokens) are accessed or hardcoded, and no data is exfiltrated to external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill reads and modifies local files like `CLAUDE.md` and `AGENTS.md`. This ingestion of existing project documentation creates a potential surface for indirect injection if those files were pre-poisoned by an attacker, but this is a standard risk for any development tool that integrates with repository documentation.
Audit Metadata