tag-duplicate-prs-issues

Fail

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains instructions to download shell scripts and pipe them directly to the bash interpreter. This pattern executes unverified remote code with the current user's privileges and is a significant security risk.
  • Evidence in SKILL.md: curl -fsSL https://raw.githubusercontent.com/dutifuldev/ghreplica/main/scripts/install-ghr.sh | bash and curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh | bash.
  • [EXTERNAL_DOWNLOADS]: The skill relies on fetching external resources, including shell scripts and a Python package (pr-search-cli) via uvx, from sources that are not established as trusted.
  • Evidence in SKILL.md: Use of uvx --from pr-search-cli pr-search to run external code.
  • [COMMAND_EXECUTION]: The skill's primary functionality is built upon the execution of numerous shell commands (ghr, prtags, uvx, curl), providing a broad surface for potential command injection if parameters are not correctly handled.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub pull requests and issues, which could contain malicious instructions.
  • Ingestion points: The skill reads PR/Issue bodies and comments via ghr (e.g., ghr pr view, ghr search mentions in SKILL.md).
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified when processing this data.
  • Capability inventory: The agent has access to multiple shell-based tools (ghr, prtags, uvx) that perform network and file operations.
  • Sanitization: No evidence of sanitization or validation of the ingested GitHub content is present.
Recommendations
  • HIGH: Downloads and executes remote code from https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh and https://raw.githubusercontent.com/dutifuldev/ghreplica/main/scripts/install-ghr.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 30, 2026, 01:23 AM
Security Audit — agent-trust-hub — tag-duplicate-prs-issues