The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates extensive execution of GitHub CLI (gh) commands to perform operations like merging pull requests, deleting repositories, and triggering GitHub Actions workflows.
[DATA_EXFILTRATION]: The skill reads and processes information from GitHub repositories, including source code, issue discussions, pull request details, and workflow logs, which may contain sensitive project data.
[SAFE]: The documentation provides standard installation instructions for the GitHub CLI using well-known package managers such as Homebrew, APT, and WinGet.
[PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill is designed to ingest and act upon untrusted data from GitHub resources (e.g., issue bodies, PR comments, and CI logs) which could be manipulated by external actors to influence agent behavior.
Ingestion points: gh issue view, gh pr view, gh run view --log, and gh search code commands (found in SKILL.md and references/automation-workflows.md).
Boundary markers: No explicit delimiters or instructions to ignore embedded commands in fetched data are provided.
Capability inventory: The skill possesses significant write capabilities, including repository deletion (gh repo delete), PR merging (gh pr merge), and secret management (gh secret set).
Sanitization: No sanitization or validation logic is specified for data retrieved from GitHub before it is processed or used in further commands.

github