The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions for using standard Git commands (git diff, git add, git apply) and basic filesystem commands (mkdir). These are legitimate uses within the context of a development tool and do not involve unauthorized privilege escalation or persistence.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it involves reading and processing untrusted file content from the repository. * Ingestion points: File content is read via git diff into tmp/full.patch as described in 'Method 2'. * Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided in the prompt templates. * Capability inventory: The agent can execute Git commands and write to local files. * Sanitization: No automated sanitization is performed on the patch content before the agent is asked to edit it. This is considered an inherent risk of the task and is classified as low severity.

git-staging