copilot-delegate

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to run the shell command copilot -p "依頼内容", interpolating the user's request text directly into the command string. This pattern is highly susceptible to shell command injection. Because the request is never escaped or passed as a separate argument, an attacker can use shell metacharacters such as semicolons (;), pipes (|), or command substitution syntax ($() or backticks) to break out of the intended quoted argument and execute arbitrary shell operations with the privileges of the agent. For example, a user request like test"; whoami; # closes the quoted argument and would cause the system to execute the whoami command.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 3, 2026, 12:53 AM