architect

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub, creating a surface for indirect prompt injection.
      • Ingestion points: The skill reads external data via gh issue view $1 --comments in SKILL.md to gather context for architectural design.
      • Boundary markers: Content retrieved from GitHub is passed to tools like codex and gemini without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill has the ability to modify GitHub issues (gh issue comment, gh issue edit), write to the local filesystem (~/.agent/diagrams/), and execute the open command.
      • Sanitization: No sanitization or validation of the ingested issue comments is performed before processing.
  • [COMMAND_EXECUTION]: Several shell commands are constructed using variables that could potentially contain unsanitized input.
      • Evidence: The $1 argument (Issue ID) is used directly in gh commands without shell quoting. Additionally, the {feature} variable used in the open command for visual deliverables could lead to command injection if the feature name contains shell metacharacters such as pipes or semicolons.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 09:42 PM