group-items-to-milestone

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script .claude/skills/gh/scripts/github_project_setup.py using uv run. Arguments for this script, including --title and --body, are populated from backlog items. There is a risk of command injection if these items contain shell metacharacters and are not properly escaped before the subprocess call.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the following surface:
      1. Ingestion points: Backlog item files are read using the mcp__plugin_dh_backlog__backlog_list tool.
      2. Boundary markers: No delimiters or instructions to ignore embedded commands are present when presenting selection lists or building issue bodies.
      3. Capability inventory: The skill can execute shell commands via uv run and write to local files.
      4. Sanitization: No sanitization or validation of external backlog content is performed before it is interpolated into prompts or commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 12:16 AM