project-init

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating user-provided inputs like project titles and descriptions into 'gh project' commands. This pattern is vulnerable to shell command injection if the input contains metacharacters such as backticks, quotes, or semicolons. Additionally, the skill suggests using 'GIT_SSL_NO_VERIFY=1', which disables TLS certificate verification and increases the risk of man-in-the-middle attacks.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. Ingestion points: User-supplied metadata for project title, owner, and description in SKILL.md. Boundary markers: Absent; there are no instructions for the agent to use delimiters or treat input as non-executable data. Capability inventory: Subprocess execution via the 'gh' CLI. Sanitization: Absent; the instructions do not require the agent to validate or escape characters before shell interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:50 PM