The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses user-supplied input from $ARGUMENTS (JIRA IDs or URLs) directly within shell commands in steps 3 and 7. Specifically, acli jira workitem view <JIRA-ID> and git worktree add <worktree-path>. If the JIRA ID is not strictly validated or sanitized by the agent, this creates a command injection vulnerability where shell metacharacters could be used to execute arbitrary commands.
[DATA_EXFILTRATION]: Step 10 involves copying the .env file to a new directory. Although the operation is local, the destination path is derived from the user-provided JIRA ID. If the path is manipulated (e.g., using directory traversal like ../../), sensitive environment variables could be placed in unexpected or less secure locations.
[REMOTE_CODE_EXECUTION]: Step 8 automatically executes package installation commands (npm ci, yarn install, pnpm install, or bun install) inside the newly created worktree. These commands typically trigger lifecycle hooks (e.g., preinstall, postinstall) defined in the project's package.json, leading to the execution of code from the project's dependency tree.
[COMMAND_EXECUTION]: Step 9 executes mise trust in the new worktree. This instructs the mise runtime manager to trust any .mise.toml or .tool-versions files in the directory, which can result in the automatic installation and execution of specific tool versions or environment configurations.

setup-branch