skills/seabbs/skills/pr/Gen Agent Trust Hub

pr

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs direct shell command interpolation using the user-provided $ARGUMENTS variable (intended to be an issue number). Commands like git checkout -b issue-$ARGUMENTS-[desc] and gh issue view #$ARGUMENTS could be exploited if the input contains shell metacharacters (e.g., semicolons or backticks), leading to arbitrary code execution on the user's machine.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from GitHub issues.
      ◦ Ingestion points: Untrusted content is ingested from the output of gh issue view into the context of 'Haiku' and 'Sonnet' agents.
      ◦ Boundary markers: There are no explicit boundary markers or instructions to the sub-agents to ignore embedded commands within the issue text.
      ◦ Capability inventory: The agent has the capability to write files (issue_analysis_$ARGUMENTS.md), execute shell commands (git, gh, lint, tests), and modify the codebase.
      ◦ Sanitization: No sanitization or filtering of the issue description is performed before it is analyzed and used to generate implementation plans.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 27, 2026, 09:58 AM