isolated-db-branches

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The automation script and workflow templates expose a command injection surface: branch names are interpolated directly into shell command strings.
    - Ingestion points: branch names enter via git rev-parse (templates/scripts/branch.ts) and ${{ github.head_ref }} (templates/workflows/cleanup-neon-branch.yml). Note that github.head_ref is attacker-controlled in workflows triggered by pull requests, since the submitter names the branch.
    - Boundary markers: the templates apply no shell escaping or quoting when these values are placed into shell commands.
    - Capability inventory: the templates execute commands through node:child_process.execSync and GitHub Actions run steps, invoking neonctl and psql.
    - Sanitization: branch names are neither validated nor sanitized, so a branch name containing shell metacharacters (for example ; " $( ) or backticks) could cause arbitrary commands to run in the script or workflow.
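The following is an added illustration of the pattern described in this finding and one way to close it; it is not code from the isolated-db-branches templates or from Neon. The helper names (isSafeBranchName, neonCreateArgs, createNeonBranch, currentGitBranch) and the branch-name allow-list are assumptions made for the example. The vulnerable function shows the shape of string interpolation into a shell command; the hardened functions validate the name against a conservative character set and pass it to execFileSync as a separate argv element, so the value never reaches a shell parser.

```typescript
import { execFileSync } from "node:child_process";

// Assumed allow-list for branch names: leading alphanumeric, then a bounded
// run of alphanumerics, dot, underscore, slash or dash. The real rules Neon
// enforces are not stated on the audited page; this is deliberately strict.
const SAFE_BRANCH = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,99}$/;

// Returns true only for names that contain no shell metacharacters and do not
// start with "-" (which a CLI could otherwise parse as an option).
function isSafeBranchName(name: string): boolean {
  return SAFE_BRANCH.test(name);
}

// VULNERABLE shape (mirrors the flagged pattern, never executed here): the
// branch name is spliced into a shell string. A name such as
//   x"; id; echo "
// closes the quoted argument and runs `id` when this string is handed to a
// shell via execSync.
function vulnerableCommand(branch: string): string {
  return `neonctl branches create --name "${branch}"`;
}

// HARDENED: validate, then build an argv array. Each element is passed to the
// program as-is by execFileSync (no shell), so metacharacters are inert data.
function neonCreateArgs(branch: string): string[] {
  if (!isSafeBranchName(branch)) {
    throw new Error(`refusing unsafe branch name: ${JSON.stringify(branch)}`);
  }
  // "--" is not used because the name is already restricted from starting
  // with "-", which keeps the argv identical to what the template intends.
  return ["branches", "create", "--name", branch];
}

// Runs neonctl without a shell. Hypothetical wrapper; requires neonctl on PATH.
function createNeonBranch(branch: string): string {
  return execFileSync("neonctl", neonCreateArgs(branch), { encoding: "utf8" });
}

// The git side takes no user-controlled arguments, but the output it returns
// IS user-controlled (someone chose the branch name), so callers must still
// pass it through isSafeBranchName before using it in any command.
function currentGitBranch(): string {
  return execFileSync("git", ["rev-parse", "--abbrev-ref", "HEAD"], {
    encoding: "utf8",
  }).trim();
}
```

For the workflow template the analogous fix is to stop substituting ${{ github.head_ref }} into the run script text: bind it to an environment variable in the step's env: block and reference it in the script as "$HEAD_REF" (double-quoted), optionally applying the same allow-list check with a shell case or grep before calling neonctl or psql. The expression is then expanded by the runner into the environment, not into code the shell parses.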
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 11:51 PM