The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires the agent to execute a local shell script ('scripts/smart_commit.sh') to perform repository operations. The instructions mandate using the script ('ALWAYS use the script') rather than manual commands, which reduces user visibility into the specific git operations being performed.
[DATA_EXFILTRATION]: The automated workflow implements a 'stage-all-and-push' pattern. By executing 'git add .' followed by 'git push', the skill creates a risk of exfiltrating sensitive local data. Files containing credentials, secrets, or private configuration (e.g., .env, .aws/credentials) will be uploaded to the remote repository if they are not explicitly listed in the .gitignore file.
[REMOTE_CODE_EXECUTION]: Although the script is provided within the skill package, the workflow relies on the execution of an external bash script to perform critical actions. This represents a risk of executing code that handles sensitive repository data without granular user oversight for each step.
[DATA_EXPOSURE]: The script reads the current branch name and staging status using git commands. This provides the agent and the remote server with information about the local development environment and repository structure.
[DATA_EXPOSURE]: The skill processes local repository content as untrusted input for the git staging and push operations. It lacks boundary markers or sanitization to prevent the accidental or malicious inclusion of sensitive data in the push operation.

git-pushing-v3