git-pr-creation
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
The skill instructs the AI to construct and execute a gh pr create command. The command structure is:
    gh pr create --base dev --head $(git branch --show-current) --title "<TITLE>" --body "$(cat <<'EOF'
    <BODY>
    EOF
    )"
- Command Injection (HIGH): The `<TITLE>` placeholder is directly embedded within double quotes in the `gh pr create` command. If the AI generates a title containing shell metacharacters (e.g., `"; rm -rf /"`), these could be interpreted by the shell, leading to arbitrary command execution. For example, a title like `feat(auth): add JWT-based user authentication" && echo "malicious command executed" #` would result in the `echo` command being executed. This is a direct command injection vulnerability.
- Prompt Injection (HIGH): The risk of command injection is amplified by the nature of AI agents. A user could craft a prompt that subtly encourages the AI to generate a malicious title, effectively turning a user prompt into a command injection.
- Positive Security Measure (INFO): The skill explicitly uses a heredoc with single quotes (`'EOF'`) for the PR body: `$(cat <<'EOF'<BODY>EOF)"`. This is a good practice to prevent shell interpolation of the body content, mitigating command injection risks within the body. However, this protection does not extend to the title.
- No other major threats: No direct data exfiltration of sensitive files, obfuscation, privilege escalation, or persistence mechanisms were detected in the skill's instructions. The use of `gh` and `git` commands is expected for its functionality.
Recommendation: The skill should ensure that the PR title is also properly escaped or passed as a separate argument to `gh pr create` in a way that prevents shell interpretation, for example by using a temporary file for the title or a more robust escaping mechanism.
Recommendations
- AI detected serious security threats