This teaches Claude to use the GitHub CLI instead of falling back to curl or wget when interacting with GitHub. The key win is automatic authentication, so you're not hitting rate limits or dealing with token management when viewing PRs, issues, releases, or API data. Trail of Bits put this together to stop agents from making unnecessary unauthenticated requests to public repos. One caveat: it explicitly tells you not to use this for GitHub Pages sites, since those are just regular web content. If you're doing any repo browsing or GitHub API work, this will save you from a lot of 403s and make your workflows cleaner.
npx skills add https://github.com/trailofbits/skills --skill using-gh-cli