skill-copilot-provider

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs a shell command by interpolating user input directly into the command line: copilot -p "<prompt>" --no-ask-user. This pattern is vulnerable to command injection if the input contains shell metacharacters like semicolons, pipes, or backticks, potentially allowing execution of arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted user data through an external LLM-powered CLI tool.
      * Ingestion points: The <prompt> variable in the Dispatch section of SKILL.md.
      * Boundary markers: Absent. The prompt is passed directly without delimiters or 'ignore embedded instructions' warnings.
      * Capability inventory: The skill has the capability to execute the copilot CLI tool.
      * Sanitization: Absent. There is no evidence of input validation, escaping, or sanitization before the data is processed by the external tool.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 06:50 AM