Gen Agent Trust Hub audit: skills/smallnest/goal-workflow/prd

Skill: prd

Result: Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to interact with GitHub and Baidu iCafe. It uses templates that interpolate user-provided strings, such as feature titles, descriptions, and workspace identifiers, directly into command arguments.
    • Evidence: In SKILL.md (Step 3.3), the skill provides shell command patterns for gh issue create and icafe-cli card create that use placeholders for user content. It also allows users to specify folder paths for local issue storage, which are passed to mkdir -p commands.
    • Risk: The instructions lack guidance for the agent to sanitize or escape these inputs, which could lead to command injection if malicious strings are processed.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external command-line utilities to perform its core functionality.
    • Evidence: README.md and SKILL.md specify prerequisites including the GitHub CLI (gh) and the Baidu iCafe CLI (icafe-cli). These are well-known technology services and are documented here for transparency regarding the skill's dependencies.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 08:49 AM
Security Audit — agent-trust-hub — prd