The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to interact with the GitHub API for managing Pull Requests and Discussions. This includes making GET, POST, and PATCH requests to repository endpoints.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by fetching and processing external data from GitHub comments and discussions. Evidence: (1) Ingestion points: SKILL.md (commands for listing comments and viewing discussions). (2) Boundary markers: None; fetched text is processed directly. (3) Capability inventory: The skill can create comments and modify PR states using gh api. (4) Sanitization: No explicit sanitization or instruction to ignore embedded commands is provided.

gh-api