The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill utilizes standard system commands (git, gh) for repository management. It demonstrates security awareness by explicitly forbidding dangerous patterns like git add . and mandating the use of HEREDOCs to prevent shell injection when handling user-provided commit messages or PR descriptions.
[DATA_EXFILTRATION] (SAFE): Although the skill performs network operations (pushing to remotes), this is consistent with its primary purpose. It includes a proactive 'Secret detection' phase in the Commit Workflow that specifically scans for and warns the user about .env files, credentials, and tokens to prevent accidental data leakage.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data from the local file system (config files) and Git history (previous commit messages). While this presents a surface for indirect injection, the risk is mitigated by a human-in-the-loop requirement where the user must approve all generated drafts before execution.
Ingestion points: .claude/git-workflow.local.md config file, git log output, and git diff content.
Boundary markers: Uses HEREDOC delimiters for command execution to separate data from commands.
Capability inventory: Subprocess execution of git and gh for file modification and network sync.
Sanitization: Implements interactive validation for configuration setup and explicit schema checks.

git-workflow