Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.
Files3
@skills/gh-cli/SKILL.md
@skills/gh-cli/agents/openai.yaml
@skills/gh-cli/assets/trail-of-bits-mark.svg
gh-cli
When to Use
Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
You need authenticated access to private repositories or higher API rate limits.
You are about to use curl, wget, or unauthenticated web fetches against GitHub.
When NOT to Use
The target is not GitHub.
Plain local git operations already solve the task.
Guidance
Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:
Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.