github-ops

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/main.cjs utilizes child_process.spawnSync with the shell: true option enabled. This configuration executes the GitHub CLI and its arguments through a system shell, which is vulnerable to command injection if arguments (such as repository names or file paths) contain shell metacharacters like ;, &, |, or $().
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process data from external, potentially untrusted GitHub repositories.
    • Ingestion points: Output from gh api and repository file contents fetched as described in SKILL.md and templates/implementation-template.md.
    • Boundary markers: Absent; the skill does not implement delimiters or explicit instructions to the agent to ignore embedded commands within the fetched data.
    • Capability inventory: The skill has the capability to execute shell commands via scripts/main.cjs and perform file system operations via the Read tool.
    • Sanitization: The hooks/pre-execute.cjs file provides basic platform-specific path checks for Windows environments but lacks robust escaping or validation for shell-sensitive characters in the command arguments.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 08:03 AM