GitHub CLI (Read-only)
When to use
Use this skill when you need to inspect GitHub data (list/view/search/fetch) without making changes:
- •Browse repos, issues, pull requests, releases/tags, commits, actions/workflows, gists
- •Summarize status (checks, CI failures) with links, not full logs
- •Run GitHub REST/GraphQL read-only queries
Do not use when the user wants to create/edit/merge/close/delete anything.
Safety Rules
- •Only run read-only commands (
list,view,status,search,api -X GET). - •Never run write actions (
create,edit,close,merge,delete,run,enable,disable,secret/variable set,repo fork/create/delete). - •For
gh api, force-X GET. For GraphQL, usequeryonly and nevermutation. - •If the user requests a write action, ask for explicit confirmation and restate the impact before proceeding.
Authentication
- •Require
GITHUB_PERSONAL_ACCESS_TOKENin the environment. If missing, ask the user to set it. - •Check status with:
- •
gh auth status -h github.com
- •
- •If not authenticated, log in without printing the token:
- •
echo "$GITHUB_PERSONAL_ACCESS_TOKEN" | gh auth login -h github.com --with-token
- •
- •Do not print the token or run commands with shell tracing enabled.
Usage Patterns
- •Prefer fully qualified repos:
--repo OWNER/REPO. - •Use
--json+--jqfor stable parsing. - •Use
--limitfor list commands and paginate withgh api --paginatewhen needed. - •Use
gh helporgh <cmd> -hto confirm a command is read-only before running it.
References
- •Use
references/gh-readonly.mdfor a categorized command map and examples.