pr-create
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates and executes shell commands for various git CLI tools and curl. It inserts variables derived from the repository's git history, such as commit subjects and branch names, into command arguments. This process lacks explicit sanitization, which could allow for command injection if an attacker crafts malicious commit messages or branch names containing shell metacharacters.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of repository-supplied data. Ingestion points: commit messages retrieved via git log, branch names, and diff statistics. Boundary markers: no delimiters or instructions are provided to the agent to distinguish the generated PR structure from the untrusted content taken from the repository. Capability inventory: the skill possesses capabilities for command execution and network requests. Sanitization: the instructions define no sanitization or validation steps for the metadata extracted from the git environment.
- [EXTERNAL_DOWNLOADS]: The skill uses curl to interact with Bitbucket's REST APIs. The targets of these network operations are taken from the git remote configuration, so a manipulated repository environment could direct these requests to unauthorized external endpoints.
Audit Metadata