The Agent Skills Directory

[PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface. It extracts information from local proposal files (openspec/changes/<id>/proposal.md) to determine the commit title. There are no boundary markers or sanitization steps to ensure that instructions embedded in the proposal file do not influence the agent's behavior.
[COMMAND_EXECUTION]: The skill uses potentially untrusted data from proposal files in a bash command (git commit -m "<title>"). If a proposal title contains shell metacharacters such as backticks, semicolons, or quotes, it could lead to arbitrary command execution during the commit process.

commit-work