create-pr
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating user-provided input, such as commit messages, PR titles, and descriptions, into strings like `git commit -m "<msg>"` and `gh pr create --title "<title>" --body "<body>"`. This creates a command injection risk where a user or an adversarial data source could execute arbitrary commands by including shell metacharacters (e.g., semicolons, backticks) in the text.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data that influences shell command execution. Ingestion points: user-provided strings for git and GitHub metadata in SKILL.md. Boundary markers: absent; there are no instructions to escape or delimit the interpolated content. Capability inventory: the skill uses git and GitHub CLI tools and explicitly requests `required_permissions: ['all']`, providing a broad surface for potential impact. Sanitization: absent; the skill does not perform escaping or validation on the input before command construction.
Audit Metadata