skills/paulrberg/agent-skills/cli-gh/Gen Agent Trust Hub

cli-gh

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements automation scripts that process untrusted data from GitHub, creating a surface for indirect prompt injection where malicious content in a repository could influence the agent's automated actions.
      ◦ Ingestion points: The issue-triage.sh script ingests issue titles and bodies using gh issue list, and automation-workflows.md contains a script that ingests pull request diffs using gh pr diff.
      ◦ Boundary markers: Absent. The scripts process raw string data from external sources without using delimiters or instructions to ignore embedded prompts.
      ◦ Capability inventory: The scripts possess the capability to modify repository resources, such as editing issues/PRs, applying labels, and assigning users.
      ◦ Sanitization: Absent. The scripts use simple keyword matching (e.g., grep -qi) to drive logic, which does not protect against adversarial inputs designed to manipulate the automation.
  • [COMMAND_EXECUTION]: The skill includes multiple shell scripts (e.g., auto-pr-create.sh, issue-triage.sh, release-automation.sh) that execute various system and development tools including gh, git, jq, sed, awk, and language-specific test runners like npm, make, and pytest.
  • [EXTERNAL_DOWNLOADS]: The skill documents the installation and use of GitHub CLI extensions from external repositories using the gh extension install command, which involves downloading and potentially executing third-party code.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions and examples for managing sensitive authentication data and keys, including logging in with tokens (gh auth login --with-token), setting repository secrets (gh secret set), and adding SSH keys from local paths.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 04:53 PM