Agent skill

gh-cli

Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.

Stars 4,181
Forks 369

Install this agent skill to your Project

npx add-skill https://github.com/trailofbits/skills/tree/main/.codex/skills/gh-cli

SKILL.md

gh-cli

When to Use

  • Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
  • You need authenticated access to private repositories or higher API rate limits.
  • You are about to use curl, wget, or unauthenticated web fetches against GitHub.

When NOT to Use

  • The target is not GitHub.
  • Plain local git operations already solve the task.

Guidance

Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:

  • Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
  • Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
  • Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.

Examples:

```sh
gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls
```
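As an added illustration of the guidance above (not code from the trailofbits skill or its hooks), this hypothetical `gh_equiv` helper maps the kinds of GitHub URLs an agent is likely to curl or wget to the authenticated gh command that should be used instead, following the three rules in the Guidance section: gh subcommands for repos, PRs and issues, `gh api` for other REST endpoints, and a clone plus local read in place of raw blobs or the `/contents/` endpoint. The owner, repo and file names are constructed sample values.

```sh
#!/bin/sh
# gh_equiv URL: print the authenticated gh command that should replace an
# unauthenticated curl/wget fetch of a GitHub URL. Hypothetical helper written
# for this example; not part of the trailofbits skill or its hooks.
# Returns 1 and prints nothing when the URL is not a GitHub URL.
gh_equiv() {
    url=$1
    case "$url" in
        https://github.com/*)
            path=${url#https://github.com/}
            owner=${path%%/*}; rest=${path#*/}
            repo=${rest%%/*};  rest=${rest#"$repo"}; rest=${rest#/}
            repo=${repo%.git}
            kind=${rest%%/*}                         # pull, issues, pulls or ""
            num=${rest#*/}; num=${num%%/*}           # "123" from "pull/123/files"
            case "$num" in ''|*[!0-9]*) num= ;; esac # keep only a numeric id
            case "$kind:$num" in
                pull:[0-9]*)   echo "gh pr view $num --repo $owner/$repo" ;;
                issues:[0-9]*) echo "gh issue view $num --repo $owner/$repo" ;;
                pulls:*)       echo "gh pr list --repo $owner/$repo" ;;
                issues:*)      echo "gh issue list --repo $owner/$repo" ;;
                *)             echo "gh repo view $owner/$repo" ;;
            esac
            ;;
        https://raw.githubusercontent.com/*/*/*/*)
            # Raw blob: clone once and read the file from the local checkout
            # instead of fetching raw.githubusercontent.com directly.
            path=${url#https://raw.githubusercontent.com/}
            owner=${path%%/*}; path=${path#*/}
            repo=${path%%/*};  path=${path#*/}
            ref=${path%%/*};   file=${path#*/}
            echo "gh repo clone $owner/$repo && git -C $repo show $ref:$file"
            ;;
        https://api.github.com/repos/*/*/contents/*)
            # The /contents/ endpoint is not a substitute for cloning.
            path=${url#https://api.github.com/repos/}
            owner=${path%%/*}; path=${path#*/}; repo=${path%%/*}
            echo "gh repo clone $owner/$repo"
            ;;
        https://api.github.com/*)
            # Any other REST call goes through gh api, which adds the token.
            echo "gh api ${url#https://api.github.com/}"
            ;;
        *) return 1 ;;                               # not GitHub: nothing to enforce
    esac
}
# Usage: sh gh_equiv.sh https://github.com/owner/repo/pull/123
[ $# -eq 0 ] || gh_equiv "$1"
```

A hook that wraps curl or wget could call `gh_equiv` on the requested URL and refuse the fetch whenever it prints a replacement.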

For the original Claude plugin implementation, see:

  • plugins/gh-cli/README.md
  • plugins/gh-cli/hooks/
