Skill: prd (skills/smallnest/autoresearch/prd)

Status: Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands for GitHub and Baidu iCafe using data (Title, Description) that originates from user-provided feature descriptions.
      ◦ Evidence: In SKILL.md under Step 3.3, instructions define command strings like gh issue create --title "[Title]" --body "[Description + Acceptance Criteria]" and icafe-cli card create --space [SPACE] --title "[Title]" --description "[Description + Acceptance Criteria]".
      ◦ Risk: If generated content contains shell metacharacters (e.g., backticks, semicolons, or command substitution), it could lead to unintended command execution on the host system during the issue creation phase.
  • [COMMAND_EXECUTION]: User-provided parameters are passed directly to shell commands during issue creation.
      ◦ Evidence: The --space parameter for Baidu iCafe and target folder paths for local issue storage (passed to mkdir -p) are retrieved from the user and used as command arguments in SKILL.md.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface where untrusted user input is processed to generate content that governs subsequent shell command execution.
      ◦ Ingestion points: User feature descriptions provided at start (SKILL.md).
      ◦ Boundary markers: No explicit delimiters or sanitization instructions are provided to the agent to escape shell-sensitive characters in the generated content.
      ◦ Capability inventory: Shell execution via gh, icafe-cli, and mkdir -p (SKILL.md).
      ◦ Sanitization: The instructions lack specific guidance on sanitizing or validating generated strings before they are used as CLI arguments, although they do include a manual user review step as a mitigation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 03:04 AM