skills/johnlindquist/claude/github/Gen Agent Trust Hub

github

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Dynamic Execution (MEDIUM): In CREATE_ISSUE.md, the skill executes a Node.js script via the shell to generate environment variables (TMPDIR and TIMESTAMP). While used for utility, this pattern involves runtime execution of generated code.
  • Indirect Prompt Injection (LOW): The skill is designed to read and display content from GitHub issues and comments (e.g., in VIEW_ISSUE.md), which are untrusted external sources. An attacker could embed instructions in a GitHub issue that the agent might inadvertently follow when 'viewing' or 'summarizing' the issue.
      • Ingestion points: VIEW_ISSUE.md (fetches title, body, and comments), LIST_ISSUES.md (fetches titles and labels).
      • Boundary markers: Absent. The instructions do not direct the agent to treat issue content as untrusted data or use delimiters to prevent command leakage.
      • Capability inventory: The skill can execute shell commands (gh CLI), write to the local filesystem (Write tool), and edit existing GitHub resources.
      • Sanitization: While the skill recommends using --body-file to prevent shell injection during writes, it lacks sanitization for data being read into the LLM context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:02 PM