cli-gh
Use for GitHub CLI automation: repository reads, workflow runs, search, codespaces, releases, configuration, or gh command syntax. Use yeet for contribution writes to PRs, issues, comments, or discussions.
How do I install this agent skill?
npx skills add https://github.com/paulrberg/agent-skills --skill cli-ghIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill provides expert guidance and automation for the GitHub CLI (gh). It includes several shell scripts for automating common DevOps tasks such as pull request management, issue triage, and release workflows. While the skill is professionally authored and includes explicit safety rules against destructive operations, its automation scripts process untrusted external data from GitHub (such as issue and pull request content), which introduces a surface for indirect prompt injection. Additionally, the skill provides documentation for managing sensitive credentials and installing third-party extensions.
- Socketpass
No alerts
- Snykwarn
Risk: MEDIUM · 1 issue
- Runlayerwarn
9/9 files flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
GitHub CLI
Route GitHub CLI work through current gh help and load only the reference for the active task.
Boundary with yeet
Use yeet when the requested outcome is to create or update a pull request, issue, issue comment, or discussion. yeet
owns semantic analysis, repository templates, Paul's writing voice, idempotency, and direct posting. Use this skill for
read-only GitHub inspection, command syntax, searches, workflow operations, codespaces, releases, configuration, and
other GitHub automation.
Authority
- Read and inspect without confirmation.
- Execute reversible or ordinary GitHub writes only when the user explicitly requested that outcome.
- Never delete repositories, releases/assets, workflow runs/caches, secrets/variables, keys, codespaces, extensions, or gists.
- Label deletion is the sole destructive exception: show the target repo, exact labels, commands, and issue/PR impact,
then require approval in a subsequent message before
gh label delete ... --yes. - Route repository renames through
repo-renameso GitHub and local continuity change together.
Workflow
-
Resolve the repository explicitly when cwd is ambiguous. Let the first required read-only command validate authentication; run
gh auth statusonly for auth diagnosis. -
Inspect
gh <command> <subcommand> --helpfor the installed version before relying on flags or JSON fields. Prefer--jsonplus--jqfor machine-readable results. -
Load only the relevant reference:
Task Reference Workflow runs, checks, logs references/workflows-actions.mdReleases references/releases.mdSearch references/search.mdJSON fields and jq references/json-output.mdLabels references/labels.mdCodespaces references/codespaces.mdDiscussions syntax (not authored contribution workflow) references/discussions.mdGists references/gists.mdAliases, API, extensions, org/projects, secrets, rulesets references/advanced-features.mdReusable automation patterns references/automation-workflows.mdFailures and auth/rate limits references/troubleshooting.md -
Preview commands that have broad write scope. After a requested write, fetch the resulting resource and report its URL or stable identifier.
Completion requires the requested GitHub state or data plus command/output evidence. On a partial or ambiguous write failure, check whether the resource changed before retrying.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/paulrberg/agent-skills/cli-gh">View cli-gh on skillZs</a>