The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the $ARGUMENTS variable directly within shell commands such as gh issue view $ARGUMENTS, gh issue comment $ARGUMENTS, and git checkout -b fix/issue-$ARGUMENTS-{description}. If the platform does not properly sanitize these arguments, it could allow for command injection where a user or an automated process provides malicious shell metacharacters to execute unauthorized commands.
[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It retrieves issue descriptions and comments using gh issue view, which are then used to inform the agent's implementation plan and code changes. An attacker could embed malicious instructions in a GitHub issue to manipulate the agent's logic or force it to perform unauthorized actions during the fix process.
Ingestion points: Output from gh issue view (SKILL.md).
Boundary markers: None present to distinguish untrusted issue data from system instructions.
Capability inventory: Shell execution (gh, git, npm, uv), file system modification, and pull request creation.
Sanitization: None present; the agent is instructed to "Understand the problem" and "Identify the root cause" directly from the ingested content.

gh-issue