run-github-repo-search

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill processes untrusted repository data (names, descriptions) from GitHub, which could contain malicious instructions designed to influence the agent's subsequent behavior.
      • Ingestion points: Output from the gh search repos command as described in Phase 2 and Phase 3 of SKILL.md and the recipes in references/output-format-recipes.md.
      • Boundary markers: The skill does not instruct the agent to use explicit delimiters or boundary markers to separate the external data from its own internal instructions.
      • Capability inventory: The skill utilizes gh CLI for data retrieval and shell processing tools like sort for data management.
      • Sanitization: The skill recommends using jq to truncate repository descriptions to 60 characters (.[:60]), which provides limited protection against large-scale injection payloads.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to search the GitHub API and manipulate the resulting data.
      • Command logic: Orchestrates multiple gh search repos calls based on generated hypotheses.
      • Local processing: Uses shell pipelines (e.g., in references/dedup-and-rank.md) to deduplicate results using sort and tsv formatting.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 05:56 AM