create-ticket

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/create-ticket.ts executes git-related operations by passing user-supplied data to internal utility functions.
      • Evidence: The script calls createBranch(ticket.key, options.summary, options.type) and createPullRequest, where options.summary is a direct CLI argument that can contain arbitrary characters.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to download third-party dependencies from an external registry.
      • Evidence: SKILL.md contains the instruction npm install within the .github/skills directory.
  • [CREDENTIALS_UNSAFE]: The skill's configuration pattern involves storing sensitive authentication secrets in an unencrypted format on the local file system.
      • Evidence: SKILL.md recommends creating a .env file to store JIRA_API_TOKEN and JIRA_EMAIL.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input and uses it to drive automated actions.
      • Ingestion points: User-provided strings via the --summary, --description, and --acceptance-criteria flags in scripts/create-ticket.ts.
      • Boundary markers: None identified in the script or instructions.
      • Capability inventory: Creating Jira tickets, generating local git branches, pushing code to remote repositories, and opening Pull Requests.
      • Sanitization: No sanitization logic is visible in the script to ensure the summary or description does not contain malicious sequences that could affect shell execution or Jira formatting.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:40 AM