fix(propose): require shell-safe PR body handling to prevent backtick command substitution

[pentaxis93]

Problem

The propose skill currently instructs agents to create PRs with gh pr create, but it does not require a shell-safe method for multiline Markdown bodies.

In practice, this leads to command execution when PR body text includes backticks and is passed via an inline double-quoted shell string.

Incident evidence

During PR creation for issue #112 on 2026-03-10, the PR body included Markdown like `groundwork init` and `skills/skills.toml`.
Because the command used an inline quoted body, zsh evaluated backticks as command substitution.

Observed effects:

• PR body was corrupted with injected command output
• shell attempted to execute skills/skills.toml (permission denied)
• PR required manual repair via gh pr edit --body-file

Root cause

The skill lacks an explicit constraint to avoid shell-interpreted inline body strings for PR creation/edit.

This is a structural instruction gap in skills/propose/SKILL.md: it specifies what to include in the PR body, but not a safe transport mechanism for that body through a shell.

Exigence (why this needs to be fixed now)

This failure mode is high-frequency and cross-session:

• Markdown backticks are normal in PR bodies
• agents regularly invoke shell commands for gh pr create
• corruption happens silently at packaging time, reducing review quality and trust

It also introduces avoidable command execution from untrusted body content, which is a tooling-safety concern.

Without a skill-level fix, the same defect will recur whenever propose is used with inline command examples.

Scope

• skills/propose/SKILL.md
• installed copies managed by sync (.claude/skills/propose/SKILL.md, .codex/skills/propose/SKILL.md) should update through normal sk sync flow after source fix

Acceptance criteria

• propose explicitly requires shell-safe PR body transport (--body-file or single-quoted heredoc piped to file)
• propose explicitly forbids inline double-quoted multiline --body "..." patterns for Markdown bodies
• propose includes a short safe example for create/edit workflows
• failure policy mentions shell interpolation corruption as a recognized corruption mode and remediation step

[pentaxis93]

Correction: the structural follow-up issue is #117: "chore(issue-craft): enforce lifecycle-scoped acceptance criteria to prevent phase-confused execution".

This tracks the meta-level fix for lifecycle-scoped acceptance criteria and lint/enforcement so phase ownership is explicit in future issues.

[pentaxis93]

Implemented and merged in PR #118 (commit 4fa3af6). Closing as complete.