The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses Python's subprocess module and Bash scripts to execute GitHub CLI (gh) commands. This implementation uses structured parameter passing rather than shell concatenation, which is the standard best practice for CLI wrappers.
[DATA_EXFILTRATION]: All network operations are directed towards GitHub's official API via the authenticated gh tool. This behavior is consistent with the skill's primary objective of managing repository resources.
[EXTERNAL_DOWNLOADS]: The documentation in EXTENSIONS.md recommends installing third-party GitHub CLI extensions. These are presented as optional developer tools for the user to install manually and are not downloaded automatically by the skill's scripts.
[PROMPT_INJECTION]: The references/copilot-prompts.md file contains educational content and guidelines for writing effective instructions for GitHub Copilot. These guidelines are functional for the intended use case and do not contain attempts to bypass agent safety filters.
[COMMAND_EXECUTION]: The scripts/test_workflow_locally.py utility provides a mechanism to test GitHub Actions locally using Docker and the act tool, which is a common and safe practice for CI/CD development.

github