git-stats
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The Python script executes the git CLI using subprocess.run with a list of arguments rather than a shell string. This correctly handles user-supplied parameters like dates and author names, preventing shell injection vulnerabilities.
- [DATA_EXPOSURE] (SAFE): The tool is restricted to reading local Git metadata such as logs and contributor lists. It performs no network operations and does not access sensitive system files or environment variables.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from Git commit messages and author names. While the tool itself lacks write or network permissions, there is a minor risk that an agent reviewing the output could be influenced by malicious instructions embedded in a repository's history. This is an inherent risk of data analysis tools and is categorized as low due to the tool's limited capabilities.
Audit Metadata