project-add-items

Fail

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to set the environment variable GIT_SSL_NO_VERIFY=1 when operating in sandbox environments. This explicitly disables TLS certificate validation for GitHub CLI and Git operations, which bypasses an essential security protection and exposes the connection to Man-in-the-Middle (MitM) attacks.
  • [COMMAND_EXECUTION]: The skill is vulnerable to command injection because it instructs the agent to interpolate user-controlled strings (titles and descriptions) directly into shell commands inside double quotes (e.g., gh project item-create ... --title "<タイトル>"). A malicious user could provide input containing a closing double quote followed by shell command separators to execute arbitrary code on the host system.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, as it is designed to read and parse untrusted data from multiple external and local sources.
    • Ingestion points: Source data is collected from file paths (Markdown, YAML), external URLs (GitHub Issues, Wiki), and direct user input, as described in SKILL.md (Step 1).
    • Boundary markers: The instructions lack any boundary markers or system prompts telling the agent to ignore instructions embedded within the processed data.
    • Capability inventory: The agent uses gh project CLI commands to interact with and modify GitHub project resources, as defined in SKILL.md (Steps 3-5).
    • Sanitization: There is no logic or instruction for the agent to sanitize, escape, or validate the data parsed from external sources before using it in subsequent operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 10, 2026, 03:59 PM