The Agent Skills Directory

Shell Command Interpolation: The skill directly interpolates the {description} placeholder into several shell commands, such as git checkout -b "{description}" and git commit -m "{description}". If the description contains shell-sensitive characters (like semicolons or backticks), it could lead to command injection where unintended shell commands are executed in the user's environment.
Ambiguous Execution Pattern: The instruction to "run pr-body.md" presents a security consideration. In many agent execution contexts, "run" can be interpreted as a request to execute a file as a script. If the agent populates this file with a user-provided description and then attempts to execute it, it could result in arbitrary code execution.
Automated Dependency Installation: The workflow includes a step to automatically install missing dependencies or tools if checks fail. This pattern allows the agent to execute installation commands (e.g., npm install, pip install) based on the contents of the repository being worked on. While standard for automation, users should be aware that this executes third-party scripts from the local environment.
Autonomous Network Operations: The skill utilizes GH_PROMPT_DISABLED=1 and GIT_TERMINAL_PROMPT=0 when calling the GitHub CLI. These flags suppress interactive prompts, allowing the agent to perform network-facing operations (like pushing code and creating PRs) with increased autonomy and reduced user oversight.

yeet