The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses a dynamic discovery mechanism to locate its own scripts by searching through $PWD, ${SKILLS_HOME:-}, and the user's $HOME directory. Searching such broad paths, particularly the home directory, introduces a risk where the agent could inadvertently execute malicious scripts planted by an attacker in a matching directory structure.
Evidence: The path discovery logic in SKILL.md uses find "$root" -type d -path '*/eliteforge-git-specification/scripts' across multiple root directories.
[COMMAND_EXECUTION]: Several bash scripts lack proper shell quoting when handling variables that may be influenced by external data, such as Git branch names. This pattern can lead to shell injection if an attacker can manipulate the local repository state to include branch names with special shell characters.
Evidence: git checkout $old_branch and git branch -m $new_branch in scripts/rename_git_branch use unquoted variables.
Evidence: git checkout ${branch}/$version in scripts/check_merge uses unquoted variable interpolation.
[COMMAND_EXECUTION]: The rename_git_branch script utilizes the --no-verify flag during Git push operations. This flag explicitly bypasses client-side Git hooks (e.g., pre-commit, pre-push), which are commonly used to enforce security policies, secrets scanning, and code quality checks.
Evidence: Multiple instances of git push --no-verify in scripts/rename_git_branch.

eliteforge-git-specification