autopilot

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh). Specifically, the workflow uses gh issue view $1 and gh issue list. The direct interpolation of the $1 argument without sanitization creates a risk of command injection if the input contains shell metacharacters like semicolons or pipes.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection.
    • Ingestion points: The skill reads external, potentially attacker-controlled content from GitHub issues (gh issue view $1) and repository files (project.md).
    • Boundary markers: None. The agent is instructed to "flesh out" and "investigate" these issues without any delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill possesses high-impact capabilities, including shell command execution, file system modifications via /build and /refactor, and the ability to open pull requests.
    • Sanitization: No sanitization or escaping is performed on the ingested issue content, allowing instructions embedded in an issue description to potentially hijack the agent's workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 04:02 AM