quality-commit

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from staged files and git diffs, which creates a potential surface for indirect prompt injection. Malicious instructions embedded in code comments or diff data could attempt to influence the agent's behavior during the review and commit workflow.
      • Ingestion points: Staged file content accessed via git diff --cached (Step 1, Step 8) and classification logic in scripts/classify-staged-files.sh.
      • Boundary markers: No explicit delimiters are used to separate untrusted code data from the agent's instructions.
      • Capability inventory: The skill has capabilities to execute shell commands via npx, perform network operations via git push, and execute third-party CLI tools like semgrep and coderabbit.
      • Sanitization: No sanitization or filtering of the diff content is performed before the agent reviews it.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to execute various development tools (ESLint, Svelte-Check, Vitest), which may download packages from the npm registry if they are not already installed locally. It also runs Semgrep with the auto configuration, which retrieves rules from the Semgrep registry. These are standard operations for development environments.
  • [DATA_EXFILTRATION]: The skill includes an optional --push flag that uploads code to a remote repository via git push. Additionally, the optional --review flag sends uncommitted changes to CodeRabbit's external service for analysis. Both actions are user-triggered features and are explicitly documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 12:54 PM