github-comment-body-file-safety
Prevent shell-quoting and command-substitution bugs when posting GitHub issue/PR comments or editing bodies with gh CLI.
Best use case
github-comment-body-file-safety is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Prevent shell-quoting and command-substitution bugs when posting GitHub issue/PR comments or editing bodies with gh CLI.
Teams using github-comment-body-file-safety should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/github-comment-body-file-safety/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How github-comment-body-file-safety Compares
| Feature / Agent | github-comment-body-file-safety | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Prevent shell-quoting and command-substitution bugs when posting GitHub issue/PR comments or editing bodies with gh CLI.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GitHub Comment Body-File Safety ## Problem Inline `gh ... --body "..."` looks convenient, but shell parsing happens before GitHub CLI sees the text. If the body contains backticks, `$()`, code fences, or other shell-significant characters, the shell can: - execute unintended commands - strip or mangle content - turn file paths into failing shell commands - post broken comments This happened in live use when a GitHub comment included markdown code spans like `docs/plans/...` and `tests/...` inline; the shell tried to execute those paths. ## Rule If the body contains any markdown/code formatting or dynamic content, use `--body-file`. Do not use inline `--body`. ## Safe pattern ```bash cat > /tmp/gh-comment.md <<'EOF' Planning update: - Draft saved at `docs/plans/2026-04-20-issue-2419-skill-markdown-contract-drift.md` - Index updated in `docs/plans/README.md` - Next check: `uv run pytest tests/skills/test_repo_skill_parity_merges.py -q` EOF gh issue comment 2419 --body-file /tmp/gh-comment.md ``` Also use the same pattern for: - `gh pr comment ... --body-file` - `gh issue edit ... --body-file` - `gh pr edit ... --body-file` - `gh issue create ... --body-file` Important: this is not just a comment/edit problem. `gh issue create --body "..."` is equally vulnerable. In live use, an inline create body containing markdown code spans caused bash to try executing repo paths and run IDs, producing a malformed issue body. The safe recovery was to rewrite the intended issue body to a temp markdown file and run `gh issue edit --body-file ...`. ## When body-file is mandatory Use `--body-file` if the text includes: - backticks: `` `...` `` - command substitutions: `$()` - fenced code blocks - file paths or commands copied from plans/tests - multiline markdown - text generated from tools/scripts - any user-provided content you did not fully hand-escape ## Recovery pattern If an inline comment/body was already posted and looks mangled: 1. write the intended text to a temp markdown file 2. re-post or edit using `--body-file` 3. for malformed new issues created via `gh issue create --body`, immediately repair the issue with `gh issue edit --body-file <file>` 4. verify the rendered GitHub comment/body afterward ## Minimal checklist Before any `gh ... --body` call, ask: 1. Does this text contain backticks or markdown? If yes, use `--body-file`. 2. Was any part of this text produced dynamically? If yes, use `--body-file`. 3. Do I want exact rendering with zero shell interpretation? If yes, use `--body-file`. ## Bottom line `--body-file` is the safe default. Inline `--body` is only for truly simple, shell-safe one-liners.
Related Skills
marine-safety-incidents
Collect, analyze, and report marine safety incident data from 7 global maritime authorities. Use for incident scraping, safety trend analysis, risk assessment, geographic hotspot identification, and marine safety reporting.
tax-filing-session-setup-with-github-tracking
Structured workflow for preparing and tracking a tax filing session using prepared documents, task checklist, and GitHub issue cross-referencing
tax-filing-session-setup-with-github-traceability
Structured workflow for setting up a multi-file tax filing session with GitHub issue tracking and prepared-file validation
nested-git-repo-stash-safety
How to safely stash changes in a parent repo containing dirty nested git repositories
multi-file-tax-reconciliation-workflow
Systematic parallel review and reconciliation of multi-document tax filings with cross-reference validation
multi-file-tax-prep-orchestration
Structured approach to complex multi-file tax return preparation with traceability and planning
github-issue-structure-for-personal-finance-tracking
Pattern for organizing financial analysis work across multiple repos (data/config vs. logic separation)
git-large-file-staging-conflict-recovery
Recover from pre-commit hook blocks on oversized files and corrupted rebase states during bulk repo syncs
freetaxusa-eefile-navigation-pattern
Handling session timeouts and navigating FreeTaxUSA's multi-step e-filing flow to the signature page
interactive-Codex-to-file-based-fallback
Switch from tmux/interactive Codex to file-based Codex -p execution when interactive runs fail with upstream errors or analysis-only stalls, then verify landing from git/GitHub state.
preserved-plan-refile-with-attested-review-wave
Reopen a previously closed GitHub issue with a preserved local plan, rewrite it into a conservative draft, and drive iterative attested adversarial review waves until it is truly approval-ready.
plan-draft-review-artifact-truthfulness-and-issue-body-alignment
Keep plan drafts truthful during adversarial review loops by verifying real provider artifact state on disk and aligning the GitHub issue body to the bounded plan tranche before claiming approval-readiness.