landing-the-plane
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill explicitly commands the agent to "Include ALL dirty files in the commit, even if they were not related to this session's work" using `git add -A`. This practice is highly risky as it can lead to the accidental staging and subsequent pushing of sensitive files, such as environment variables (.env), private keys, or credentials that were not intended for the repository.
- [PROMPT_INJECTION]: The skill employs extremely forceful and directive language, such as "CRITICAL," "MANDATORY," "NON-NEGOTIABLE," and "NEVER stop before pushing." These instructions are designed to override the agent's typical safety constraints and force it to perform outbound network operations (`git push`) without seeking user confirmation.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It requires the agent to read and update GitHub issue bodies and resolve merge conflicts by keeping "ALL changes." Malicious instructions embedded in external issue content or conflicting files could be processed and acted upon by the agent.
- [COMMAND_EXECUTION]: The skill executes several powerful CLI tools, including `git` and the `gh` (GitHub) CLI. It also requires the execution of arbitrary repository-defined scripts for "quality gates" such as linters, type checks, and builds, which could be exploited if the repository contains malicious code.
- [COMMAND_EXECUTION]: The skill uses `git stash clear`, a destructive command that removes local stashed work permanently without a backup, which could lead to data loss if not carefully monitored by the user.
Audit Metadata