github-issue-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses the `Bash` tool to execute `gh` CLI commands such as `gh issue create`. User-provided content, including issue titles and descriptions, is interpolated into these shell commands. While the templates suggest double-quoting, there are no instructions for the agent to escape shell metacharacters, which could allow a malicious user to attempt arbitrary command execution via crafted input.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted user data and possesses significant capabilities like shell access.
  - Ingestion points: User input gathered via the `AskUserQuestion` tool or general chat context.
  - Boundary markers: Absent; no specific delimiters are defined to isolate user input from agent instructions.
  - Capability inventory: `Bash`, `gh` CLI (with repository write access), `Grep`, `Glob`.
  - Sanitization: Absent; the instructions do not require the agent to validate, sanitize, or escape user-provided strings before they are incorporated into executable commands.
Audit Metadata