feat(skills): add create-github-issue skill #2390
| # Build gh issue command | ||
| CMD="gh issue create --title \"$TITLE\"" | ||
|
|
||
| if [ -n "$BODY" ]; then | ||
| CMD="$CMD --body \"$BODY\"" | ||
| fi | ||
|
|
||
| if [ -n "$LABELS" ]; then | ||
| CMD="$CMD --label \"$LABELS\"" | ||
| fi | ||
|
|
||
| if [ -n "$ASSIGNEE" ]; then | ||
| CMD="$CMD --assignee \"$ASSIGNEE\"" | ||
| fi | ||
|
|
||
| if [ -n "$MILESTONE" ]; then | ||
| CMD="$CMD --milestone \"$MILESTONE\"" | ||
| fi | ||
|
|
||
| if [ "$DRAFT" = true ]; then | ||
| CMD="$CMD --draft" | ||
| fi | ||
|
|
||
| # Execute command | ||
| eval $CMD No newline at end of file |
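Review bot: `$TITLE` goes into the first line (`CMD="gh issue create --title \"$TITLE\""`) with no check that it is set, while every other field in this hunk is guarded by `[ -n ... ]`. Add an explicit guard before the command is built, for example `[ -n "$TITLE" ] || { echo "title is required" >&2; exit 1; }`, so an empty title fails in the script with a clear message instead of being passed through. The file also ends without a trailing newline (`No newline at end of file`); add one.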
Critical: Shell injection vulnerability and command execution failure

Building a command string with eval creates multiple critical issues:

- Shell injection vulnerability: Variables like `$TITLE` and `$BODY` are not properly escaped. Malicious input or special characters will break out of quotes and could execute arbitrary commands.
- Will fail with multi-line content: When `$BODY` contains newlines (from `$(cat .forge/FORGE_ISSUE_BODY.md)`), the string concatenation and `eval` approach will fail to properly preserve the content.
- Quote handling broken: The nested quoting with `\"` will not work correctly with `eval`.

Fix: Call gh directly instead of using eval:

```bash
ARGS=("--title" "$TITLE")
[ -n "$BODY" ] && ARGS+=("--body" "$BODY")
[ -n "$LABELS" ] && ARGS+=("--label" "$LABELS")
[ -n "$ASSIGNEE" ] && ARGS+=("--assignee" "$ASSIGNEE")
[ -n "$MILESTONE" ] && ARGS+=("--milestone" "$MILESTONE")
[ "$DRAFT" = true ] && ARGS+=("--draft")
gh issue create "${ARGS[@]}"
```
| # Build gh issue command | |
| CMD="gh issue create --title \"$TITLE\"" | |
| if [ -n "$BODY" ]; then | |
| CMD="$CMD --body \"$BODY\"" | |
| fi | |
| if [ -n "$LABELS" ]; then | |
| CMD="$CMD --label \"$LABELS\"" | |
| fi | |
| if [ -n "$ASSIGNEE" ]; then | |
| CMD="$CMD --assignee \"$ASSIGNEE\"" | |
| fi | |
| if [ -n "$MILESTONE" ]; then | |
| CMD="$CMD --milestone \"$MILESTONE\"" | |
| fi | |
| if [ "$DRAFT" = true ]; then | |
| CMD="$CMD --draft" | |
| fi | |
| # Execute command | |
| eval $CMD | |
| # Build gh issue command | |
| ARGS=("--title" "$TITLE") | |
| if [ -n "$BODY" ]; then | |
| ARGS+=("--body" "$BODY") | |
| fi | |
| if [ -n "$LABELS" ]; then | |
| ARGS+=("--label" "$LABELS") | |
| fi | |
| if [ -n "$ASSIGNEE" ]; then | |
| ARGS+=("--assignee" "$ASSIGNEE") | |
| fi | |
| if [ -n "$MILESTONE" ]; then | |
| ARGS+=("--milestone" "$MILESTONE") | |
| fi | |
| if [ "$DRAFT" = true ]; then | |
| ARGS+=("--draft") | |
| fi | |
| # Execute command | |
| gh issue create "${ARGS[@]}" | |
Spotted by Graphite Agent
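The failure modes named in the comment above, shown side by side as an added example (not code from the PR or from Graphite). `gh_stub`, `create_issue_eval`, `create_issue_argv` and the sample inputs are constructed here, and positional parameters stand in as the POSIX `sh` counterpart of the bash `ARGS` array so the demo runs in either shell.

```shell
#!/bin/sh
# Stub standing in for `gh` (constructed for this demo): it records what it
# was given instead of contacting GitHub.
gh_stub() {
    GH_ARGC=$#
    for GH_LAST in "$@"; do :; done   # GH_LAST ends up as the final argument
}

# "Before": the string + eval pattern from the hunk, with gh swapped for the stub.
create_issue_eval() {
    TITLE=$1 BODY=$2
    CMD="gh_stub issue create --title \"$TITLE\""
    if [ -n "$BODY" ]; then CMD="$CMD --body \"$BODY\""; fi
    eval $CMD
}

# "After": one argv entry per value, never re-parsed by the shell.
# "$@" plays the role of the ARGS array from the suggested fix.
create_issue_argv() {
    TITLE=$1 BODY=$2
    set -- issue create --title "$TITLE"
    if [ -n "$BODY" ]; then set -- "$@" --body "$BODY"; fi
    gh_stub "$@"
}

# Constructed inputs: a title that closes the quote and a two-line body.
HOSTILE_TITLE='x"; INJECTED=yes; : "'
TWO_LINE_BODY='first line
second line'

demo() {
    unset INJECTED
    create_issue_eval "$HOSTILE_TITLE" ""
    echo "eval title: argc=$GH_ARGC injected=${INJECTED:-no} title=$GH_LAST"
    unset INJECTED
    create_issue_argv "$HOSTILE_TITLE" ""
    echo "argv title: argc=$GH_ARGC injected=${INJECTED:-no} title=$GH_LAST"
    create_issue_eval "ok" "$TWO_LINE_BODY"
    echo "eval body:  $GH_LAST"        # newline collapsed to a space
    create_issue_argv "ok" "$TWO_LINE_BODY"
    echo "argv body:  $GH_LAST"        # both lines preserved
}
demo
```

In the `eval` variant the title's embedded assignment runs in the calling shell and the body loses its line break; in the argument-vector variant both values reach the stub byte for byte.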
| Add support for dark mode theme to improve accessibility and user experience. | ||
|
|
||
| ## Problem Statement | ||
| Users have requested dark mode support through multiple feedback channels. The current light-only并发主题导致长时间使用时眼部疲劳,且不尊重用户的系统偏好设置。 |
Mixed language content: Chinese text is embedded in the English documentation (并发主题导致长时间使用时眼部疲劳,且不尊重用户的系统偏好设置). This appears to be accidental and should be translated to English or removed.
| Users have requested dark mode support through multiple feedback channels. The current light-only并发主题导致长时间使用时眼部疲劳,且不尊重用户的系统偏好设置。 | |
| Users have requested dark mode support through multiple feedback channels. The current light-only theme causes eye fatigue during prolonged use and does not respect the user's system preference settings. |
Spotted by Graphite Agent
No description provided.