auto-pr

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/create-pr.js is vulnerable to shell command injection in the createPullRequest function. It builds the gh pr create command by concatenating variables such as title, body, and reviewers into a single string passed to execSync, which hands that string to the system shell. An attacker who controls the title (for example, one containing ;, &, $(...), or backticks) can run arbitrary shell commands with the permissions of the user running the script. Wrapping the interpolated values in quotes would not close the hole, since a " or $(...) inside the title still reaches the shell; the values must be passed as separate arguments without a shell.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection during the documentation generation phase.
    1. Ingestion points: workflows/03-doc-generation.md (Step 2) specifies that the skill reads and processes the code differences of the current branch, so anything an author can commit (comments, strings, file names) is fed to the agent.
    2. Boundary markers: No delimiters or protective instructions separate the untrusted diff content from the agent's own instructions.
    3. Capability inventory: The skill can execute shell commands via its bundled scripts and write local files (e.g., PR_DESCRIPTION.md), so an injected instruction has real side effects to reach.
    4. Sanitization: No validation or sanitization is performed on the code differences before the agent processes them to generate documentation.
Recommendations
  • AI detected serious security threats. Pass title, body and reviewers to gh as separate arguments (execFileSync or spawnSync with an argv array) instead of interpolating them into a string for execSync, and treat the branch diff read in workflows/03-doc-generation.md as untrusted data: wrap it in explicit boundary markers with an instruction that text inside them is content to document, not instructions to follow.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 08:21 PM