github-ai-trends
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/fetch_trends.py makes network requests to api.github.com to retrieve repository metadata. This is a well-known service and the operation is necessary for the skill's primary function.
- [DATA_EXPOSURE]: The skill can use a GitHub personal access token (via environment variable or command-line argument) to increase API rate limits. This is standard practice for tools interacting with the GitHub API and is handled through standard configuration methods.
- [PROMPT_INJECTION]: As an indirect risk, the skill processes external data (repository names and descriptions) which could contain malicious instructions.
- Ingestion points: Data enters the system via the gh_search function in scripts/fetch_trends.py which calls the GitHub Search API.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when formatting the leaderboard.
- Capability inventory: The skill's capabilities are restricted to fetching data and printing formatted text to standard output for chat display. It does not perform file system writes, subprocess execution, or secondary network requests based on the fetched data.
- Sanitization: The script performs basic truncation on repository descriptions to 80 characters, which limits the volume of potentially injected text, though it does not explicitly sanitize for markdown or instruction injection.
Audit Metadata