ah-create-pr

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using variables that incorporate user-provided input, specifically the BASE_BRANCH argument. In commands like git diff origin/${BASE_BRANCH}...HEAD, the lack of shell escaping or sanitization allows for potential command injection if a user provides a malicious branch name containing shell metacharacters.
  • [COMMAND_EXECUTION]: The skill automatically runs pnpm preflight and pnpm preflight:build commands. This triggers the execution of arbitrary scripts defined in the repository's package.json. If this skill is used within an untrusted or compromised repository, it could lead to the execution of malicious local code.
  • [CREDENTIALS_UNSAFE]: The instruction specifically directs the agent to 'compare .env* files in the repo root' to identify security risks or naming inconsistencies. While intended as a safety check, this grants the agent access to potentially sensitive credentials, API keys, and secrets stored in environment files.
  • [DATA_EXFILTRATION]: The skill generates a detailed Pull Request body by analyzing the repository's diffs and commit history. If the source code or commit messages contain sensitive information, this data is automatically formatted into a summary and published to a GitHub Pull Request, potentially exposing internal data to a wider audience than intended.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 05:27 AM