close-issue

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run the shell command gh pr view <pr-url> using a user-supplied parameter without quoting or sanitization. This allows arbitrary command execution if a malicious string (e.g., ; rm -rf /) is provided. It also constitutes an indirect prompt injection surface.
    1. Ingestion points: SKILL.md via the <pr-url> placeholder.
    2. Boundary markers: Absent for the command invocation.
    3. Capability inventory: Execution of shell commands via the gh tool.
    4. Sanitization: No quoting or validation is performed on the user input before its use in the shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 06:36 AM