NYC

git-commit-cn

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Command Execution (SAFE): The skill executes git diff, git status, and git commit to manage repository changes. These commands are standard for a developer tool and are executed within the local context without elevated privileges.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted code changes which could contain malicious instructions meant to influence the agent.
      • Ingestion points: Output of git diff and git diff --staged are processed by the agent to generate commit messages.
      • Boundary markers: Absent. The instructions do not specify any delimiters to isolate the diff data from instructions.
      • Capability inventory: The agent executes a generated git commit shell command.
      • Sanitization: Absent. The skill does not sanitize the code content before analysis, making it susceptible to malicious comments that could manipulate the output or the generated command.
  • Prompt Injection (LOW): The skill includes a rule to explicitly omit the Co-Authored-By signature, which is an instruction to hide the AI's involvement in the generated content.
  • Dynamic Execution (LOW): The skill constructs and executes a shell command for git commit using a HEREDOC string at runtime. While the use of single quotes for the delimiter is a standard practice, the dynamic assembly of the command by the agent is a low-risk behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:04 PM