feat: expose gh CLI in sandbox for github skills

[sentry-junior]

Summary

GitHub skills currently use a custom Node script (gh_issue_api.mjs) for all GitHub API mutations. Exposing the gh CLI in the sandbox would give skills a more capable, idiomatic interface for GitHub operations — covering PRs, search, runs, and more beyond issue CRUD.

Current Behavior

• All GitHub API calls go through skills/gh-issue/scripts/gh_issue_api.mjs, a thin wrapper over the REST API.
• The sandbox (node22 image) does not have gh installed.
• Skills are limited to issue create/update/comment/label operations exposed by the custom script.

Gap / Opportunity

• gh CLI supports PRs, Actions runs, repo search, gists, and codespaces — operations the custom script does not expose.
• Skills that need to read PR state, trigger workflow dispatches, or query cross-repo data currently have no clean path.
• Installing gh in the sandbox image (or making it available at skill execution time) would unlock a much broader surface area with minimal skill-side code.

Prior Art

• gh CLI supports GH_TOKEN env for auth, compatible with short-lived installation tokens already used by the harness — no new auth model needed.
• Harness already injects scoped credentials via jr-rpc issue-credential; gh can consume the same token via GH_TOKEN.

Options

• Install gh in the sandbox image — simplest path; available to all skills, no per-invocation overhead. Requires updating the base image.
• Download gh at skill boot — no image change needed, but adds cold-start latency and network dependency per invocation.
• Extend gh_issue_api.mjs piecemeal — no new tooling, but maintenance burden grows with each new operation and still won't match gh breadth.

Recommended Direction

Install gh in the sandbox image and wire GH_TOKEN injection through jr-rpc issue-credential (same pattern as today). This keeps the auth model unchanged and gives all current and future skills access to the full gh surface area immediately.

Acceptance Criteria

• gh CLI is available in the sandbox (which gh returns a path).
• jr-rpc issue-credential github.issues.write (or equivalent) sets GH_TOKEN so gh commands succeed without manual token handling.
• At least one existing skill operation can be rewritten or aliased using gh and produces identical results.
• sandbox-runtime.md is updated to document gh availability and the auth wiring pattern.

Risks

• gh version pinning: if the image is rebuilt without pinning, a gh upgrade could silently break skill scripts. Mitigation: pin version in image definition and document it.
• Token scope: installation tokens may not cover all gh subcommands (e.g., gists). Mitigation: document known limitations; don't expand token scopes speculatively.

Sources

• /vercel/sandbox/skills/gh-issue/references/sandbox-runtime.md
• /vercel/sandbox/skills/gh-issue/references/github-issue-api.md
• https://cli.github.com/manual/