skills/paulund/ai/ai-to-prd/Gen Agent Trust Hub

ai-to-prd

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow (Phases 8, 9, and 10) involves executing 'gh issue create' commands that incorporate strings derived from user input, such as feature names and PRD content. The provided templates interpolate these variables into shell commands using double quotes, which is vulnerable to command injection if the user-provided text contains shell metacharacters like backticks, semicolons, or command substitutions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user specifications in Phase 0 to generate project documentation and tasks.
      • Ingestion points: User-provided feature ideas and specifications in SKILL.md.
      • Boundary markers: Absent; there are no instructions to the agent to delimit or ignore instructions within user data.
      • Capability inventory: Shell command execution via the 'gh' CLI and repository exploration via an 'Explore' agent.
      • Sanitization: Absent; the skill does not instruct the agent to escape or validate user-provided content before interpolation into prompts or shell commands.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 25, 2026, 07:04 AM