generate-branch-name
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted external data ($ARGUMENTS) directly into the agent context without using boundary markers or instructions to ignore embedded commands.
  - Ingestion points: The $ARGUMENTS variable in SKILL.md, representing user-provided issue titles or descriptions, is used as input for the branch name generation process.
  - Boundary markers: Absent. No delimiters (such as triple quotes or XML tags) or protective instructions are used to separate user data from the system prompts.
  - Capability inventory: The Bash tool is listed in the allowed-tools frontmatter, which could be leveraged if malicious instructions hidden in the issue context were executed by the agent.
  - Sanitization: Absent. While the logic converts text to lowercase and replaces spaces, no security-specific validation or filtering is performed on the input to prevent prompt injection.
Audit Metadata